search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
s3-winbindd: Fix typo in comment.
[Samba/vl.git] / source3 / smbd / open.c
blob0e45c1d4b8b97901bd95889e3ea64918b7a6a55a
1 /*
2 Unix SMB/CIFS implementation.
3 file opening and share modes
4 Copyright (C) Andrew Tridgell 1992-1998
5 Copyright (C) Jeremy Allison 2001-2004
6 Copyright (C) Volker Lendecke 2005
7
8 This program is free software; you can redistribute it and/or modify
9 it under the terms of the GNU General Public License as published by
10 the Free Software Foundation; either version 3 of the License, or
11 (at your option) any later version.
12
13 This program is distributed in the hope that it will be useful,
14 but WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 GNU General Public License for more details.
17
18 You should have received a copy of the GNU General Public License
19 along with this program. If not, see <http://www.gnu.org/licenses/>.
20 */
21
22 #include "includes.h"
23 #include "smbd/globals.h"
24
25 extern const struct generic_mapping file_generic_mapping;
26
27 struct deferred_open_record {
28 bool delayed_for_oplocks;
29 struct file_id id;
30 };
31
32 static NTSTATUS create_file_unixpath(connection_struct *conn,
33 struct smb_request *req,
34 struct smb_filename *smb_fname,
35 uint32_t access_mask,
36 uint32_t share_access,
37 uint32_t create_disposition,
38 uint32_t create_options,
39 uint32_t file_attributes,
40 uint32_t oplock_request,
41 uint64_t allocation_size,
42 uint32_t private_flags,
43 struct security_descriptor *sd,
44 struct ea_list *ea_list,
45
46 files_struct **result,
47 int *pinfo);
48
49 /****************************************************************************
50 SMB1 file varient of se_access_check. Never test FILE_READ_ATTRIBUTES.
51 ****************************************************************************/
52
53 NTSTATUS smb1_file_se_access_check(struct connection_struct *conn,
54 const struct security_descriptor *sd,
55 const NT_USER_TOKEN *token,
56 uint32_t access_desired,
57 uint32_t *access_granted)
58 {
59 *access_granted = 0;
60
61 if (get_current_uid(conn) == (uid_t)0) {
62 /* I'm sorry sir, I didn't know you were root... */
63 *access_granted = access_desired;
64 if (access_desired & SEC_FLAG_MAXIMUM_ALLOWED) {
65 *access_granted |= FILE_GENERIC_ALL;
66 }
67 return NT_STATUS_OK;
68 }
69
70 return se_access_check(sd,
71 token,
72 (access_desired & ~FILE_READ_ATTRIBUTES),
73 access_granted);
74 }
75
76 /****************************************************************************
77 Check if we have open rights.
78 ****************************************************************************/
79
80 NTSTATUS smbd_check_open_rights(struct connection_struct *conn,
81 const struct smb_filename *smb_fname,
82 uint32_t access_mask,
83 uint32_t *access_granted)
84 {
85 /* Check if we have rights to open. */
86 NTSTATUS status;
87 struct security_descriptor *sd = NULL;
88
89 status = SMB_VFS_GET_NT_ACL(conn, smb_fname->base_name,
90 (OWNER_SECURITY_INFORMATION |
91 GROUP_SECURITY_INFORMATION |
92 DACL_SECURITY_INFORMATION),&sd);
93
94 if (!NT_STATUS_IS_OK(status)) {
95 DEBUG(10, ("smbd_check_open_rights: Could not get acl "
96 "on %s: %s\n",
97 smb_fname_str_dbg(smb_fname),
98 nt_errstr(status)));
99 return status;
100 }
101
102 status = smb1_file_se_access_check(conn,
103 sd,
104 get_current_nttok(conn),
105 access_mask,
106 access_granted);
107
108 DEBUG(10,("smbd_check_open_rights: file %s requesting "
109 "0x%x returning 0x%x (%s)\n",
110 smb_fname_str_dbg(smb_fname),
111 (unsigned int)access_mask,
112 (unsigned int)*access_granted,
113 nt_errstr(status) ));
114
115 if (!NT_STATUS_IS_OK(status)) {
116 if (DEBUGLEVEL >= 10) {
117 DEBUG(10,("smbd_check_open_rights: acl for %s is:\n",
118 smb_fname_str_dbg(smb_fname) ));
119 NDR_PRINT_DEBUG(security_descriptor, sd);
120 }
121 }
122
123 TALLOC_FREE(sd);
124
125 return status;
126 }
127
128 /****************************************************************************
129 fd support routines - attempt to do a dos_open.
130 ****************************************************************************/
131
132 static NTSTATUS fd_open(struct connection_struct *conn,
133 files_struct *fsp,
134 int flags,
135 mode_t mode)
136 {
137 struct smb_filename *smb_fname = fsp->fsp_name;
138 NTSTATUS status = NT_STATUS_OK;
139
140 #ifdef O_NOFOLLOW
141 /*
142 * Never follow symlinks on a POSIX client. The
143 * client should be doing this.
144 */
145
146 if (fsp->posix_open || !lp_symlinks(SNUM(conn))) {
147 flags |= O_NOFOLLOW;
148 }
149 #endif
150
151 fsp->fh->fd = SMB_VFS_OPEN(conn, smb_fname, fsp, flags, mode);
152 if (fsp->fh->fd == -1) {
153 status = map_nt_error_from_unix(errno);
154 if (errno == EMFILE) {
155 static time_t last_warned = 0L;
156
157 if (time((time_t *) NULL) > last_warned) {
158 DEBUG(0,("Too many open files, unable "
159 "to open more! smbd's max "
160 "open files = %d\n",
161 lp_max_open_files()));
162 last_warned = time((time_t *) NULL);
163 }
164 }
165
166 }
167
168 DEBUG(10,("fd_open: name %s, flags = 0%o mode = 0%o, fd = %d. %s\n",
169 smb_fname_str_dbg(smb_fname), flags, (int)mode, fsp->fh->fd,
170 (fsp->fh->fd == -1) ? strerror(errno) : "" ));
171
172 return status;
173 }
174
175 /****************************************************************************
176 Close the file associated with a fsp.
177 ****************************************************************************/
178
179 NTSTATUS fd_close(files_struct *fsp)
180 {
181 int ret;
182
183 if (fsp->fh->fd == -1) {
184 return NT_STATUS_OK; /* What we used to call a stat open. */
185 }
186 if (fsp->fh->ref_count > 1) {
187 return NT_STATUS_OK; /* Shared handle. Only close last reference. */
188 }
189
190 ret = SMB_VFS_CLOSE(fsp);
191 fsp->fh->fd = -1;
192 if (ret == -1) {
193 return map_nt_error_from_unix(errno);
194 }
195 return NT_STATUS_OK;
196 }
197
198 /****************************************************************************
199 Change the ownership of a file to that of the parent directory.
200 Do this by fd if possible.
201 ****************************************************************************/
202
203 void change_file_owner_to_parent(connection_struct *conn,
204 const char *inherit_from_dir,
205 files_struct *fsp)
206 {
207 struct smb_filename *smb_fname_parent = NULL;
208 NTSTATUS status;
209 int ret;
210
211 status = create_synthetic_smb_fname(talloc_tos(), inherit_from_dir,
212 NULL, NULL, &smb_fname_parent);
213 if (!NT_STATUS_IS_OK(status)) {
214 return;
215 }
216
217 ret = SMB_VFS_STAT(conn, smb_fname_parent);
218 if (ret == -1) {
219 DEBUG(0,("change_file_owner_to_parent: failed to stat parent "
220 "directory %s. Error was %s\n",
221 smb_fname_str_dbg(smb_fname_parent),
222 strerror(errno)));
223 return;
224 }
225
226 become_root();
227 ret = SMB_VFS_FCHOWN(fsp, smb_fname_parent->st.st_ex_uid, (gid_t)-1);
228 unbecome_root();
229 if (ret == -1) {
230 DEBUG(0,("change_file_owner_to_parent: failed to fchown "
231 "file %s to parent directory uid %u. Error "
232 "was %s\n", fsp_str_dbg(fsp),
233 (unsigned int)smb_fname_parent->st.st_ex_uid,
234 strerror(errno) ));
235 }
236
237 DEBUG(10,("change_file_owner_to_parent: changed new file %s to "
238 "parent directory uid %u.\n", fsp_str_dbg(fsp),
239 (unsigned int)smb_fname_parent->st.st_ex_uid));
240
241 TALLOC_FREE(smb_fname_parent);
242 }
243
244 NTSTATUS change_dir_owner_to_parent(connection_struct *conn,
245 const char *inherit_from_dir,
246 const char *fname,
247 SMB_STRUCT_STAT *psbuf)
248 {
249 struct smb_filename *smb_fname_parent = NULL;
250 struct smb_filename *smb_fname_cwd = NULL;
251 char *saved_dir = NULL;
252 TALLOC_CTX *ctx = talloc_tos();
253 NTSTATUS status = NT_STATUS_OK;
254 int ret;
255
256 status = create_synthetic_smb_fname(ctx, inherit_from_dir, NULL, NULL,
257 &smb_fname_parent);
258 if (!NT_STATUS_IS_OK(status)) {
259 return status;
260 }
261
262 ret = SMB_VFS_STAT(conn, smb_fname_parent);
263 if (ret == -1) {
264 status = map_nt_error_from_unix(errno);
265 DEBUG(0,("change_dir_owner_to_parent: failed to stat parent "
266 "directory %s. Error was %s\n",
267 smb_fname_str_dbg(smb_fname_parent),
268 strerror(errno)));
269 goto out;
270 }
271
272 /* We've already done an lstat into psbuf, and we know it's a
273 directory. If we can cd into the directory and the dev/ino
274 are the same then we can safely chown without races as
275 we're locking the directory in place by being in it. This
276 should work on any UNIX (thanks tridge :-). JRA.
277 */
278
279 saved_dir = vfs_GetWd(ctx,conn);
280 if (!saved_dir) {
281 status = map_nt_error_from_unix(errno);
282 DEBUG(0,("change_dir_owner_to_parent: failed to get "
283 "current working directory. Error was %s\n",
284 strerror(errno)));
285 goto out;
286 }
287
288 /* Chdir into the new path. */
289 if (vfs_ChDir(conn, fname) == -1) {
290 status = map_nt_error_from_unix(errno);
291 DEBUG(0,("change_dir_owner_to_parent: failed to change "
292 "current working directory to %s. Error "
293 "was %s\n", fname, strerror(errno) ));
294 goto chdir;
295 }
296
297 status = create_synthetic_smb_fname(ctx, ".", NULL, NULL,
298 &smb_fname_cwd);
299 if (!NT_STATUS_IS_OK(status)) {
300 return status;
301 }
302
303 ret = SMB_VFS_STAT(conn, smb_fname_cwd);
304 if (ret == -1) {
305 status = map_nt_error_from_unix(errno);
306 DEBUG(0,("change_dir_owner_to_parent: failed to stat "
307 "directory '.' (%s) Error was %s\n",
308 fname, strerror(errno)));
309 goto chdir;
310 }
311
312 /* Ensure we're pointing at the same place. */
313 if (smb_fname_cwd->st.st_ex_dev != psbuf->st_ex_dev ||
314 smb_fname_cwd->st.st_ex_ino != psbuf->st_ex_ino ||
315 smb_fname_cwd->st.st_ex_mode != psbuf->st_ex_mode ) {
316 DEBUG(0,("change_dir_owner_to_parent: "
317 "device/inode/mode on directory %s changed. "
318 "Refusing to chown !\n", fname ));
319 status = NT_STATUS_ACCESS_DENIED;
320 goto chdir;
321 }
322
323 become_root();
324 ret = SMB_VFS_CHOWN(conn, ".", smb_fname_parent->st.st_ex_uid,
325 (gid_t)-1);
326 unbecome_root();
327 if (ret == -1) {
328 status = map_nt_error_from_unix(errno);
329 DEBUG(10,("change_dir_owner_to_parent: failed to chown "
330 "directory %s to parent directory uid %u. "
331 "Error was %s\n", fname,
332 (unsigned int)smb_fname_parent->st.st_ex_uid,
333 strerror(errno) ));
334 goto chdir;
335 }
336
337 DEBUG(10,("change_dir_owner_to_parent: changed ownership of new "
338 "directory %s to parent directory uid %u.\n",
339 fname, (unsigned int)smb_fname_parent->st.st_ex_uid ));
340
341 chdir:
342 vfs_ChDir(conn,saved_dir);
343 out:
344 TALLOC_FREE(smb_fname_parent);
345 TALLOC_FREE(smb_fname_cwd);
346 return status;
347 }
348
349 /****************************************************************************
350 Open a file.
351 ****************************************************************************/
352
353 static NTSTATUS open_file(files_struct *fsp,
354 connection_struct *conn,
355 struct smb_request *req,
356 const char *parent_dir,
357 int flags,
358 mode_t unx_mode,
359 uint32 access_mask, /* client requested access mask. */
360 uint32 open_access_mask) /* what we're actually using in the open. */
361 {
362 struct smb_filename *smb_fname = fsp->fsp_name;
363 NTSTATUS status = NT_STATUS_OK;
364 int accmode = (flags & O_ACCMODE);
365 int local_flags = flags;
366 bool file_existed = VALID_STAT(fsp->fsp_name->st);
367
368 fsp->fh->fd = -1;
369 errno = EPERM;
370
371 /* Check permissions */
372
373 /*
374 * This code was changed after seeing a client open request
375 * containing the open mode of (DENY_WRITE/read-only) with
376 * the 'create if not exist' bit set. The previous code
377 * would fail to open the file read only on a read-only share
378 * as it was checking the flags parameter directly against O_RDONLY,
379 * this was failing as the flags parameter was set to O_RDONLY|O_CREAT.
380 * JRA.
381 */
382
383 if (!CAN_WRITE(conn)) {
384 /* It's a read-only share - fail if we wanted to write. */
385 if(accmode != O_RDONLY || (flags & O_TRUNC) || (flags & O_APPEND)) {
386 DEBUG(3,("Permission denied opening %s\n",
387 smb_fname_str_dbg(smb_fname)));
388 return NT_STATUS_ACCESS_DENIED;
389 } else if(flags & O_CREAT) {
390 /* We don't want to write - but we must make sure that
391 O_CREAT doesn't create the file if we have write
392 access into the directory.
393 */
394 flags &= ~(O_CREAT|O_EXCL);
395 local_flags &= ~(O_CREAT|O_EXCL);
396 }
397 }
398
399 /*
400 * This little piece of insanity is inspired by the
401 * fact that an NT client can open a file for O_RDONLY,
402 * but set the create disposition to FILE_EXISTS_TRUNCATE.
403 * If the client *can* write to the file, then it expects to
404 * truncate the file, even though it is opening for readonly.
405 * Quicken uses this stupid trick in backup file creation...
406 * Thanks *greatly* to "David W. Chapman Jr." <dwcjr@inethouston.net>
407 * for helping track this one down. It didn't bite us in 2.0.x
408 * as we always opened files read-write in that release. JRA.
409 */
410
411 if ((accmode == O_RDONLY) && ((flags & O_TRUNC) == O_TRUNC)) {
412 DEBUG(10,("open_file: truncate requested on read-only open "
413 "for file %s\n", smb_fname_str_dbg(smb_fname)));
414 local_flags = (flags & ~O_ACCMODE)|O_RDWR;
415 }
416
417 if ((open_access_mask & (FILE_READ_DATA|FILE_WRITE_DATA|FILE_APPEND_DATA|FILE_EXECUTE)) ||
418 (!file_existed && (local_flags & O_CREAT)) ||
419 ((local_flags & O_TRUNC) == O_TRUNC) ) {
420 const char *wild;
421
422 /*
423 * We can't actually truncate here as the file may be locked.
424 * open_file_ntcreate will take care of the truncate later. JRA.
425 */
426
427 local_flags &= ~O_TRUNC;
428
429 #if defined(O_NONBLOCK) && defined(S_ISFIFO)
430 /*
431 * We would block on opening a FIFO with no one else on the
432 * other end. Do what we used to do and add O_NONBLOCK to the
433 * open flags. JRA.
434 */
435
436 if (file_existed && S_ISFIFO(smb_fname->st.st_ex_mode)) {
437 local_flags |= O_NONBLOCK;
438 }
439 #endif
440
441 /* Don't create files with Microsoft wildcard characters. */
442 if (fsp->base_fsp) {
443 /*
444 * wildcard characters are allowed in stream names
445 * only test the basefilename
446 */
447 wild = fsp->base_fsp->fsp_name->base_name;
448 } else {
449 wild = smb_fname->base_name;
450 }
451 if ((local_flags & O_CREAT) && !file_existed &&
452 ms_has_wild(wild)) {
453 return NT_STATUS_OBJECT_NAME_INVALID;
454 }
455
456 /* Actually do the open */
457 status = fd_open(conn, fsp, local_flags, unx_mode);
458 if (!NT_STATUS_IS_OK(status)) {
459 DEBUG(3,("Error opening file %s (%s) (local_flags=%d) "
460 "(flags=%d)\n", smb_fname_str_dbg(smb_fname),
461 nt_errstr(status),local_flags,flags));
462 return status;
463 }
464
465 if ((local_flags & O_CREAT) && !file_existed) {
466
467 /* Inherit the ACL if required */
468 if (lp_inherit_perms(SNUM(conn))) {
469 inherit_access_posix_acl(conn, parent_dir,
470 smb_fname->base_name,
471 unx_mode);
472 }
473
474 /* Change the owner if required. */
475 if (lp_inherit_owner(SNUM(conn))) {
476 change_file_owner_to_parent(conn, parent_dir,
477 fsp);
478 }
479
480 notify_fname(conn, NOTIFY_ACTION_ADDED,
481 FILE_NOTIFY_CHANGE_FILE_NAME,
482 smb_fname->base_name);
483 }
484
485 } else {
486 fsp->fh->fd = -1; /* What we used to call a stat open. */
487 if (file_existed) {
488 uint32_t access_granted = 0;
489
490 status = smbd_check_open_rights(conn,
491 smb_fname,
492 access_mask,
493 &access_granted);
494 if (!NT_STATUS_IS_OK(status)) {
495 if (NT_STATUS_EQUAL(status, NT_STATUS_ACCESS_DENIED)) {
496 /*
497 * On NT_STATUS_ACCESS_DENIED, access_granted
498 * contains the denied bits.
499 */
500
501 if ((access_mask & FILE_WRITE_ATTRIBUTES) &&
502 (access_granted & FILE_WRITE_ATTRIBUTES) &&
503 (lp_map_readonly(SNUM(conn)) ||
504 lp_map_archive(SNUM(conn)) ||
505 lp_map_hidden(SNUM(conn)) ||
506 lp_map_system(SNUM(conn)))) {
507 access_granted &= ~FILE_WRITE_ATTRIBUTES;
508
509 DEBUG(10,("open_file: "
510 "overrode "
511 "FILE_WRITE_"
512 "ATTRIBUTES "
513 "on file %s\n",
514 smb_fname_str_dbg(
515 smb_fname)));
516 }
517
518 if ((access_mask & DELETE_ACCESS) &&
519 (access_granted & DELETE_ACCESS) &&
520 can_delete_file_in_directory(conn,
521 smb_fname)) {
522 /* Were we trying to do a stat open
523 * for delete and didn't get DELETE
524 * access (only) ? Check if the
525 * directory allows DELETE_CHILD.
526 * See here:
527 * http://blogs.msdn.com/oldnewthing/archive/2004/06/04/148426.aspx
528 * for details. */
529
530 access_granted &= ~DELETE_ACCESS;
531
532 DEBUG(10,("open_file: "
533 "overrode "
534 "DELETE_ACCESS on "
535 "file %s\n",
536 smb_fname_str_dbg(
537 smb_fname)));
538 }
539
540 if (access_granted != 0) {
541 DEBUG(10,("open_file: Access "
542 "denied on file "
543 "%s\n",
544 smb_fname_str_dbg(
545 smb_fname)));
546 return status;
547 }
548 } else if (NT_STATUS_EQUAL(status, NT_STATUS_OBJECT_NAME_NOT_FOUND) &&
549 fsp->posix_open &&
550 S_ISLNK(smb_fname->st.st_ex_mode)) {
551 /* This is a POSIX stat open for delete
552 * or rename on a symlink that points
553 * nowhere. Allow. */
554 DEBUG(10,("open_file: allowing POSIX "
555 "open on bad symlink %s\n",
556 smb_fname_str_dbg(
557 smb_fname)));
558 } else {
559 DEBUG(10,("open_file: "
560 "smbd_check_open_rights on file "
561 "%s returned %s\n",
562 smb_fname_str_dbg(smb_fname),
563 nt_errstr(status) ));
564 return status;
565 }
566 }
567 }
568 }
569
570 if (!file_existed) {
571 int ret;
572
573 if (fsp->fh->fd == -1) {
574 ret = SMB_VFS_STAT(conn, smb_fname);
575 } else {
576 ret = SMB_VFS_FSTAT(fsp, &smb_fname->st);
577 /* If we have an fd, this stat should succeed. */
578 if (ret == -1) {
579 DEBUG(0,("Error doing fstat on open file %s "
580 "(%s)\n",
581 smb_fname_str_dbg(smb_fname),
582 strerror(errno) ));
583 }
584 }
585
586 /* For a non-io open, this stat failing means file not found. JRA */
587 if (ret == -1) {
588 status = map_nt_error_from_unix(errno);
589 fd_close(fsp);
590 return status;
591 }
592 }
593
594 /*
595 * POSIX allows read-only opens of directories. We don't
596 * want to do this (we use a different code path for this)
597 * so catch a directory open and return an EISDIR. JRA.
598 */
599
600 if(S_ISDIR(smb_fname->st.st_ex_mode)) {
601 fd_close(fsp);
602 errno = EISDIR;
603 return NT_STATUS_FILE_IS_A_DIRECTORY;
604 }
605
606 fsp->mode = smb_fname->st.st_ex_mode;
607 fsp->file_id = vfs_file_id_from_sbuf(conn, &smb_fname->st);
608 fsp->vuid = req ? req->vuid : UID_FIELD_INVALID;
609 fsp->file_pid = req ? req->smbpid : 0;
610 fsp->can_lock = True;
611 fsp->can_read = (access_mask & (FILE_READ_DATA)) ? True : False;
612 if (!CAN_WRITE(conn)) {
613 fsp->can_write = False;
614 } else {
615 fsp->can_write = (access_mask & (FILE_WRITE_DATA | FILE_APPEND_DATA)) ?
616 True : False;
617 }
618 fsp->print_file = False;
619 fsp->modified = False;
620 fsp->sent_oplock_break = NO_BREAK_SENT;
621 fsp->is_directory = False;
622 if (conn->aio_write_behind_list &&
623 is_in_path(smb_fname->base_name, conn->aio_write_behind_list,
624 conn->case_sensitive)) {
625 fsp->aio_write_behind = True;
626 }
627
628 fsp->wcp = NULL; /* Write cache pointer. */
629
630 DEBUG(2,("%s opened file %s read=%s write=%s (numopen=%d)\n",
631 conn->server_info->unix_name,
632 smb_fname_str_dbg(smb_fname),
633 BOOLSTR(fsp->can_read), BOOLSTR(fsp->can_write),
634 conn->num_files_open));
635
636 errno = 0;
637 return NT_STATUS_OK;
638 }
639
640 /*******************************************************************
641 Return True if the filename is one of the special executable types.
642 ********************************************************************/
643
644 bool is_executable(const char *fname)
645 {
646 if ((fname = strrchr_m(fname,'.'))) {
647 if (strequal(fname,".com") ||
648 strequal(fname,".dll") ||
649 strequal(fname,".exe") ||
650 strequal(fname,".sym")) {
651 return True;
652 }
653 }
654 return False;
655 }
656
657 /****************************************************************************
658 Check if we can open a file with a share mode.
659 Returns True if conflict, False if not.
660 ****************************************************************************/
661
662 static bool share_conflict(struct share_mode_entry *entry,
663 uint32 access_mask,
664 uint32 share_access)
665 {
666 DEBUG(10,("share_conflict: entry->access_mask = 0x%x, "
667 "entry->share_access = 0x%x, "
668 "entry->private_options = 0x%x\n",
669 (unsigned int)entry->access_mask,
670 (unsigned int)entry->share_access,
671 (unsigned int)entry->private_options));
672
673 DEBUG(10,("share_conflict: access_mask = 0x%x, share_access = 0x%x\n",
674 (unsigned int)access_mask, (unsigned int)share_access));
675
676 if ((entry->access_mask & (FILE_WRITE_DATA|
677 FILE_APPEND_DATA|
678 FILE_READ_DATA|
679 FILE_EXECUTE|
680 DELETE_ACCESS)) == 0) {
681 DEBUG(10,("share_conflict: No conflict due to "
682 "entry->access_mask = 0x%x\n",
683 (unsigned int)entry->access_mask ));
684 return False;
685 }
686
687 if ((access_mask & (FILE_WRITE_DATA|
688 FILE_APPEND_DATA|
689 FILE_READ_DATA|
690 FILE_EXECUTE|
691 DELETE_ACCESS)) == 0) {
692 DEBUG(10,("share_conflict: No conflict due to "
693 "access_mask = 0x%x\n",
694 (unsigned int)access_mask ));
695 return False;
696 }
697
698 #if 1 /* JRA TEST - Superdebug. */
699 #define CHECK_MASK(num, am, right, sa, share) \
700 DEBUG(10,("share_conflict: [%d] am (0x%x) & right (0x%x) = 0x%x\n", \
701 (unsigned int)(num), (unsigned int)(am), \
702 (unsigned int)(right), (unsigned int)(am)&(right) )); \
703 DEBUG(10,("share_conflict: [%d] sa (0x%x) & share (0x%x) = 0x%x\n", \
704 (unsigned int)(num), (unsigned int)(sa), \
705 (unsigned int)(share), (unsigned int)(sa)&(share) )); \
706 if (((am) & (right)) && !((sa) & (share))) { \
707 DEBUG(10,("share_conflict: check %d conflict am = 0x%x, right = 0x%x, \
708 sa = 0x%x, share = 0x%x\n", (num), (unsigned int)(am), (unsigned int)(right), (unsigned int)(sa), \
709 (unsigned int)(share) )); \
710 return True; \
711 }
712 #else
713 #define CHECK_MASK(num, am, right, sa, share) \
714 if (((am) & (right)) && !((sa) & (share))) { \
715 DEBUG(10,("share_conflict: check %d conflict am = 0x%x, right = 0x%x, \
716 sa = 0x%x, share = 0x%x\n", (num), (unsigned int)(am), (unsigned int)(right), (unsigned int)(sa), \
717 (unsigned int)(share) )); \
718 return True; \
719 }
720 #endif
721
722 CHECK_MASK(1, entry->access_mask, FILE_WRITE_DATA | FILE_APPEND_DATA,
723 share_access, FILE_SHARE_WRITE);
724 CHECK_MASK(2, access_mask, FILE_WRITE_DATA | FILE_APPEND_DATA,
725 entry->share_access, FILE_SHARE_WRITE);
726
727 CHECK_MASK(3, entry->access_mask, FILE_READ_DATA | FILE_EXECUTE,
728 share_access, FILE_SHARE_READ);
729 CHECK_MASK(4, access_mask, FILE_READ_DATA | FILE_EXECUTE,
730 entry->share_access, FILE_SHARE_READ);
731
732 CHECK_MASK(5, entry->access_mask, DELETE_ACCESS,
733 share_access, FILE_SHARE_DELETE);
734 CHECK_MASK(6, access_mask, DELETE_ACCESS,
735 entry->share_access, FILE_SHARE_DELETE);
736
737 DEBUG(10,("share_conflict: No conflict.\n"));
738 return False;
739 }
740
741 #if defined(DEVELOPER)
742 static void validate_my_share_entries(int num,
743 struct share_mode_entry *share_entry)
744 {
745 files_struct *fsp;
746
747 if (!procid_is_me(&share_entry->pid)) {
748 return;
749 }
750
751 if (is_deferred_open_entry(share_entry) &&
752 !open_was_deferred(share_entry->op_mid)) {
753 char *str = talloc_asprintf(talloc_tos(),
754 "Got a deferred entry without a request: "
755 "PANIC: %s\n",
756 share_mode_str(talloc_tos(), num, share_entry));
757 smb_panic(str);
758 }
759
760 if (!is_valid_share_mode_entry(share_entry)) {
761 return;
762 }
763
764 fsp = file_find_dif(share_entry->id,
765 share_entry->share_file_id);
766 if (!fsp) {
767 DEBUG(0,("validate_my_share_entries: PANIC : %s\n",
768 share_mode_str(talloc_tos(), num, share_entry) ));
769 smb_panic("validate_my_share_entries: Cannot match a "
770 "share entry with an open file\n");
771 }
772
773 if (is_deferred_open_entry(share_entry) ||
774 is_unused_share_mode_entry(share_entry)) {
775 goto panic;
776 }
777
778 if ((share_entry->op_type == NO_OPLOCK) &&
779 (fsp->oplock_type == FAKE_LEVEL_II_OPLOCK)) {
780 /* Someone has already written to it, but I haven't yet
781 * noticed */
782 return;
783 }
784
785 if (((uint16)fsp->oplock_type) != share_entry->op_type) {
786 goto panic;
787 }
788
789 return;
790
791 panic:
792 {
793 char *str;
794 DEBUG(0,("validate_my_share_entries: PANIC : %s\n",
795 share_mode_str(talloc_tos(), num, share_entry) ));
796 str = talloc_asprintf(talloc_tos(),
797 "validate_my_share_entries: "
798 "file %s, oplock_type = 0x%x, op_type = 0x%x\n",
799 fsp->fsp_name->base_name,
800 (unsigned int)fsp->oplock_type,
801 (unsigned int)share_entry->op_type );
802 smb_panic(str);
803 }
804 }
805 #endif
806
807 bool is_stat_open(uint32 access_mask)
808 {
809 return (access_mask &&
810 ((access_mask & ~(SYNCHRONIZE_ACCESS| FILE_READ_ATTRIBUTES|
811 FILE_WRITE_ATTRIBUTES))==0) &&
812 ((access_mask & (SYNCHRONIZE_ACCESS|FILE_READ_ATTRIBUTES|
813 FILE_WRITE_ATTRIBUTES)) != 0));
814 }
815
816 /****************************************************************************
817 Deal with share modes
818 Invarient: Share mode must be locked on entry and exit.
819 Returns -1 on error, or number of share modes on success (may be zero).
820 ****************************************************************************/
821
822 static NTSTATUS open_mode_check(connection_struct *conn,
823 struct share_mode_lock *lck,
824 uint32 access_mask,
825 uint32 share_access,
826 uint32 create_options,
827 bool *file_existed)
828 {
829 int i;
830
831 if(lck->num_share_modes == 0) {
832 return NT_STATUS_OK;
833 }
834
835 *file_existed = True;
836
837 /* A delete on close prohibits everything */
838
839 if (lck->delete_on_close) {
840 return NT_STATUS_DELETE_PENDING;
841 }
842
843 if (is_stat_open(access_mask)) {
844 /* Stat open that doesn't trigger oplock breaks or share mode
845 * checks... ! JRA. */
846 return NT_STATUS_OK;
847 }
848
849 /*
850 * Check if the share modes will give us access.
851 */
852
853 #if defined(DEVELOPER)
854 for(i = 0; i < lck->num_share_modes; i++) {
855 validate_my_share_entries(i, &lck->share_modes[i]);
856 }
857 #endif
858
859 if (!lp_share_modes(SNUM(conn))) {
860 return NT_STATUS_OK;
861 }
862
863 /* Now we check the share modes, after any oplock breaks. */
864 for(i = 0; i < lck->num_share_modes; i++) {
865
866 if (!is_valid_share_mode_entry(&lck->share_modes[i])) {
867 continue;
868 }
869
870 /* someone else has a share lock on it, check to see if we can
871 * too */
872 if (share_conflict(&lck->share_modes[i],
873 access_mask, share_access)) {
874 return NT_STATUS_SHARING_VIOLATION;
875 }
876 }
877
878 return NT_STATUS_OK;
879 }
880
881 static bool is_delete_request(files_struct *fsp) {
882 return ((fsp->access_mask == DELETE_ACCESS) &&
883 (fsp->oplock_type == NO_OPLOCK));
884 }
885
886 /*
887 * Send a break message to the oplock holder and delay the open for
888 * our client.
889 */
890
891 static NTSTATUS send_break_message(files_struct *fsp,
892 struct share_mode_entry *exclusive,
893 uint64_t mid,
894 int oplock_request)
895 {
896 NTSTATUS status;
897 char msg[MSG_SMB_SHARE_MODE_ENTRY_SIZE];
898
899 DEBUG(10, ("Sending break request to PID %s\n",
900 procid_str_static(&exclusive->pid)));
901 exclusive->op_mid = mid;
902
903 /* Create the message. */
904 share_mode_entry_to_message(msg, exclusive);
905
906 /* Add in the FORCE_OPLOCK_BREAK_TO_NONE bit in the message if set. We
907 don't want this set in the share mode struct pointed to by lck. */
908
909 if (oplock_request & FORCE_OPLOCK_BREAK_TO_NONE) {
910 SSVAL(msg,OP_BREAK_MSG_OP_TYPE_OFFSET,
911 exclusive->op_type | FORCE_OPLOCK_BREAK_TO_NONE);
912 }
913
914 status = messaging_send_buf(smbd_messaging_context(), exclusive->pid,
915 MSG_SMB_BREAK_REQUEST,
916 (uint8 *)msg,
917 MSG_SMB_SHARE_MODE_ENTRY_SIZE);
918 if (!NT_STATUS_IS_OK(status)) {
919 DEBUG(3, ("Could not send oplock break message: %s\n",
920 nt_errstr(status)));
921 }
922
923 return status;
924 }
925
926 /*
927 * 1) No files open at all or internal open: Grant whatever the client wants.
928 *
929 * 2) Exclusive (or batch) oplock around: If the requested access is a delete
930 * request, break if the oplock around is a batch oplock. If it's another
931 * requested access type, break.
932 *
933 * 3) Only level2 around: Grant level2 and do nothing else.
934 */
935
936 static bool delay_for_oplocks(struct share_mode_lock *lck,
937 files_struct *fsp,
938 uint64_t mid,
939 int pass_number,
940 int oplock_request)
941 {
942 int i;
943 struct share_mode_entry *exclusive = NULL;
944 bool valid_entry = false;
945 bool have_level2 = false;
946 bool have_a_none_oplock = false;
947 bool allow_level2 = (global_client_caps & CAP_LEVEL_II_OPLOCKS) &&
948 lp_level2_oplocks(SNUM(fsp->conn));
949
950 if (oplock_request & INTERNAL_OPEN_ONLY) {
951 fsp->oplock_type = NO_OPLOCK;
952 }
953
954 if ((oplock_request & INTERNAL_OPEN_ONLY) || is_stat_open(fsp->access_mask)) {
955 return false;
956 }
957
958 for (i=0; i<lck->num_share_modes; i++) {
959
960 if (!is_valid_share_mode_entry(&lck->share_modes[i])) {
961 continue;
962 }
963
964 /* At least one entry is not an invalid or deferred entry. */
965 valid_entry = true;
966
967 if (pass_number == 1) {
968 if (BATCH_OPLOCK_TYPE(lck->share_modes[i].op_type)) {
969 SMB_ASSERT(exclusive == NULL);
970 exclusive = &lck->share_modes[i];
971 }
972 } else {
973 if (EXCLUSIVE_OPLOCK_TYPE(lck->share_modes[i].op_type)) {
974 SMB_ASSERT(exclusive == NULL);
975 exclusive = &lck->share_modes[i];
976 }
977 }
978
979 if (LEVEL_II_OPLOCK_TYPE(lck->share_modes[i].op_type)) {
980 SMB_ASSERT(exclusive == NULL);
981 have_level2 = true;
982 }
983
984 if (lck->share_modes[i].op_type == NO_OPLOCK) {
985 have_a_none_oplock = true;
986 }
987 }
988
989 if (exclusive != NULL) { /* Found an exclusive oplock */
990 bool delay_it = is_delete_request(fsp) ?
991 BATCH_OPLOCK_TYPE(exclusive->op_type) : true;
992 SMB_ASSERT(!have_level2);
993 if (delay_it) {
994 send_break_message(fsp, exclusive, mid, oplock_request);
995 return true;
996 }
997 }
998
999 /*
1000 * Match what was requested (fsp->oplock_type) with
1001 * what was found in the existing share modes.
1002 */
1003
1004 if (!valid_entry) {
1005 /* All entries are placeholders or deferred.
1006 * Directly grant whatever the client wants. */
1007 if (fsp->oplock_type == NO_OPLOCK) {
1008 /* Store a level2 oplock, but don't tell the client */
1009 fsp->oplock_type = FAKE_LEVEL_II_OPLOCK;
1010 }
1011 } else if (have_a_none_oplock) {
1012 fsp->oplock_type = NO_OPLOCK;
1013 } else if (have_level2) {
1014 if (fsp->oplock_type == NO_OPLOCK ||
1015 fsp->oplock_type == FAKE_LEVEL_II_OPLOCK) {
1016 /* Store a level2 oplock, but don't tell the client */
1017 fsp->oplock_type = FAKE_LEVEL_II_OPLOCK;
1018 } else {
1019 fsp->oplock_type = LEVEL_II_OPLOCK;
1020 }
1021 } else {
1022 /* This case can never happen. */
1023 SMB_ASSERT(1);
1024 }
1025
1026 /*
1027 * Don't grant level2 to clients that don't want them
1028 * or if we've turned them off.
1029 */
1030 if (fsp->oplock_type == LEVEL_II_OPLOCK && !allow_level2) {
1031 fsp->oplock_type = FAKE_LEVEL_II_OPLOCK;
1032 }
1033
1034 DEBUG(10,("delay_for_oplocks: oplock type 0x%x on file %s\n",
1035 fsp->oplock_type, fsp_str_dbg(fsp)));
1036
1037 /* No delay. */
1038 return false;
1039 }
1040
1041 bool request_timed_out(struct timeval request_time,
1042 struct timeval timeout)
1043 {
1044 struct timeval now, end_time;
1045 GetTimeOfDay(&now);
1046 end_time = timeval_sum(&request_time, &timeout);
1047 return (timeval_compare(&end_time, &now) < 0);
1048 }
1049
1050 /****************************************************************************
1051 Handle the 1 second delay in returning a SHARING_VIOLATION error.
1052 ****************************************************************************/
1053
1054 static void defer_open(struct share_mode_lock *lck,
1055 struct timeval request_time,
1056 struct timeval timeout,
1057 struct smb_request *req,
1058 struct deferred_open_record *state)
1059 {
1060 int i;
1061
1062 /* Paranoia check */
1063
1064 for (i=0; i<lck->num_share_modes; i++) {
1065 struct share_mode_entry *e = &lck->share_modes[i];
1066
1067 if (!is_deferred_open_entry(e)) {
1068 continue;
1069 }
1070
1071 if (procid_is_me(&e->pid) && (e->op_mid == req->mid)) {
1072 DEBUG(0, ("Trying to defer an already deferred "
1073 "request: mid=%llu, exiting\n",
1074 (unsigned long long)req->mid));
1075 exit_server("attempt to defer a deferred request");
1076 }
1077 }
1078
1079 /* End paranoia check */
1080
1081 DEBUG(10,("defer_open_sharing_error: time [%u.%06u] adding deferred "
1082 "open entry for mid %llu\n",
1083 (unsigned int)request_time.tv_sec,
1084 (unsigned int)request_time.tv_usec,
1085 (unsigned long long)req->mid));
1086
1087 if (!push_deferred_open_message_smb(req, request_time, timeout,
1088 (char *)state, sizeof(*state))) {
1089 exit_server("push_deferred_open_message_smb failed");
1090 }
1091 add_deferred_open(lck, req->mid, request_time, state->id);
1092 }
1093
1094
1095 /****************************************************************************
1096 On overwrite open ensure that the attributes match.
1097 ****************************************************************************/
1098
1099 bool open_match_attributes(connection_struct *conn,
1100 uint32 old_dos_attr,
1101 uint32 new_dos_attr,
1102 mode_t existing_unx_mode,
1103 mode_t new_unx_mode,
1104 mode_t *returned_unx_mode)
1105 {
1106 uint32 noarch_old_dos_attr, noarch_new_dos_attr;
1107
1108 noarch_old_dos_attr = (old_dos_attr & ~FILE_ATTRIBUTE_ARCHIVE);
1109 noarch_new_dos_attr = (new_dos_attr & ~FILE_ATTRIBUTE_ARCHIVE);
1110
1111 if((noarch_old_dos_attr == 0 && noarch_new_dos_attr != 0) ||
1112 (noarch_old_dos_attr != 0 && ((noarch_old_dos_attr & noarch_new_dos_attr) == noarch_old_dos_attr))) {
1113 *returned_unx_mode = new_unx_mode;
1114 } else {
1115 *returned_unx_mode = (mode_t)0;
1116 }
1117
1118 DEBUG(10,("open_match_attributes: old_dos_attr = 0x%x, "
1119 "existing_unx_mode = 0%o, new_dos_attr = 0x%x "
1120 "returned_unx_mode = 0%o\n",
1121 (unsigned int)old_dos_attr,
1122 (unsigned int)existing_unx_mode,
1123 (unsigned int)new_dos_attr,
1124 (unsigned int)*returned_unx_mode ));
1125
1126 /* If we're mapping SYSTEM and HIDDEN ensure they match. */
1127 if (lp_map_system(SNUM(conn)) || lp_store_dos_attributes(SNUM(conn))) {
1128 if ((old_dos_attr & FILE_ATTRIBUTE_SYSTEM) &&
1129 !(new_dos_attr & FILE_ATTRIBUTE_SYSTEM)) {
1130 return False;
1131 }
1132 }
1133 if (lp_map_hidden(SNUM(conn)) || lp_store_dos_attributes(SNUM(conn))) {
1134 if ((old_dos_attr & FILE_ATTRIBUTE_HIDDEN) &&
1135 !(new_dos_attr & FILE_ATTRIBUTE_HIDDEN)) {
1136 return False;
1137 }
1138 }
1139 return True;
1140 }
1141
1142 /****************************************************************************
1143 Special FCB or DOS processing in the case of a sharing violation.
1144 Try and find a duplicated file handle.
1145 ****************************************************************************/
1146
1147 NTSTATUS fcb_or_dos_open(struct smb_request *req,
1148 connection_struct *conn,
1149 files_struct *fsp_to_dup_into,
1150 const struct smb_filename *smb_fname,
1151 struct file_id id,
1152 uint16 file_pid,
1153 uint16 vuid,
1154 uint32 access_mask,
1155 uint32 share_access,
1156 uint32 create_options)
1157 {
1158 files_struct *fsp;
1159
1160 DEBUG(5,("fcb_or_dos_open: attempting old open semantics for "
1161 "file %s.\n", smb_fname_str_dbg(smb_fname)));
1162
1163 for(fsp = file_find_di_first(id); fsp;
1164 fsp = file_find_di_next(fsp)) {
1165
1166 DEBUG(10,("fcb_or_dos_open: checking file %s, fd = %d, "
1167 "vuid = %u, file_pid = %u, private_options = 0x%x "
1168 "access_mask = 0x%x\n", fsp_str_dbg(fsp),
1169 fsp->fh->fd, (unsigned int)fsp->vuid,
1170 (unsigned int)fsp->file_pid,
1171 (unsigned int)fsp->fh->private_options,
1172 (unsigned int)fsp->access_mask ));
1173
1174 if (fsp->fh->fd != -1 &&
1175 fsp->vuid == vuid &&
1176 fsp->file_pid == file_pid &&
1177 (fsp->fh->private_options & (NTCREATEX_OPTIONS_PRIVATE_DENY_DOS |
1178 NTCREATEX_OPTIONS_PRIVATE_DENY_FCB)) &&
1179 (fsp->access_mask & FILE_WRITE_DATA) &&
1180 strequal(fsp->fsp_name->base_name, smb_fname->base_name) &&
1181 strequal(fsp->fsp_name->stream_name,
1182 smb_fname->stream_name)) {
1183 DEBUG(10,("fcb_or_dos_open: file match\n"));
1184 break;
1185 }
1186 }
1187
1188 if (!fsp) {
1189 return NT_STATUS_NOT_FOUND;
1190 }
1191
1192 /* quite an insane set of semantics ... */
1193 if (is_executable(smb_fname->base_name) &&
1194 (fsp->fh->private_options & NTCREATEX_OPTIONS_PRIVATE_DENY_DOS)) {
1195 DEBUG(10,("fcb_or_dos_open: file fail due to is_executable.\n"));
1196 return NT_STATUS_INVALID_PARAMETER;
1197 }
1198
1199 /* We need to duplicate this fsp. */
1200 return dup_file_fsp(req, fsp, access_mask, share_access,
1201 create_options, fsp_to_dup_into);
1202 }
1203
1204 /****************************************************************************
1205 Open a file with a share mode - old openX method - map into NTCreate.
1206 ****************************************************************************/
1207
1208 bool map_open_params_to_ntcreate(const struct smb_filename *smb_fname,
1209 int deny_mode, int open_func,
1210 uint32 *paccess_mask,
1211 uint32 *pshare_mode,
1212 uint32 *pcreate_disposition,
1213 uint32 *pcreate_options,
1214 uint32_t *pprivate_flags)
1215 {
1216 uint32 access_mask;
1217 uint32 share_mode;
1218 uint32 create_disposition;
1219 uint32 create_options = FILE_NON_DIRECTORY_FILE;
1220 uint32_t private_flags = 0;
1221
1222 DEBUG(10,("map_open_params_to_ntcreate: fname = %s, deny_mode = 0x%x, "
1223 "open_func = 0x%x\n",
1224 smb_fname_str_dbg(smb_fname), (unsigned int)deny_mode,
1225 (unsigned int)open_func ));
1226
1227 /* Create the NT compatible access_mask. */
1228 switch (GET_OPENX_MODE(deny_mode)) {
1229 case DOS_OPEN_EXEC: /* Implies read-only - used to be FILE_READ_DATA */
1230 case DOS_OPEN_RDONLY:
1231 access_mask = FILE_GENERIC_READ;
1232 break;
1233 case DOS_OPEN_WRONLY:
1234 access_mask = FILE_GENERIC_WRITE;
1235 break;
1236 case DOS_OPEN_RDWR:
1237 case DOS_OPEN_FCB:
1238 access_mask = FILE_GENERIC_READ|FILE_GENERIC_WRITE;
1239 break;
1240 default:
1241 DEBUG(10,("map_open_params_to_ntcreate: bad open mode = 0x%x\n",
1242 (unsigned int)GET_OPENX_MODE(deny_mode)));
1243 return False;
1244 }
1245
1246 /* Create the NT compatible create_disposition. */
1247 switch (open_func) {
1248 case OPENX_FILE_EXISTS_FAIL|OPENX_FILE_CREATE_IF_NOT_EXIST:
1249 create_disposition = FILE_CREATE;
1250 break;
1251
1252 case OPENX_FILE_EXISTS_OPEN:
1253 create_disposition = FILE_OPEN;
1254 break;
1255
1256 case OPENX_FILE_EXISTS_OPEN|OPENX_FILE_CREATE_IF_NOT_EXIST:
1257 create_disposition = FILE_OPEN_IF;
1258 break;
1259
1260 case OPENX_FILE_EXISTS_TRUNCATE:
1261 create_disposition = FILE_OVERWRITE;
1262 break;
1263
1264 case OPENX_FILE_EXISTS_TRUNCATE|OPENX_FILE_CREATE_IF_NOT_EXIST:
1265 create_disposition = FILE_OVERWRITE_IF;
1266 break;
1267
1268 default:
1269 /* From samba4 - to be confirmed. */
1270 if (GET_OPENX_MODE(deny_mode) == DOS_OPEN_EXEC) {
1271 create_disposition = FILE_CREATE;
1272 break;
1273 }
1274 DEBUG(10,("map_open_params_to_ntcreate: bad "
1275 "open_func 0x%x\n", (unsigned int)open_func));
1276 return False;
1277 }
1278
1279 /* Create the NT compatible share modes. */
1280 switch (GET_DENY_MODE(deny_mode)) {
1281 case DENY_ALL:
1282 share_mode = FILE_SHARE_NONE;
1283 break;
1284
1285 case DENY_WRITE:
1286 share_mode = FILE_SHARE_READ;
1287 break;
1288
1289 case DENY_READ:
1290 share_mode = FILE_SHARE_WRITE;
1291 break;
1292
1293 case DENY_NONE:
1294 share_mode = FILE_SHARE_READ|FILE_SHARE_WRITE;
1295 break;
1296
1297 case DENY_DOS:
1298 private_flags |= NTCREATEX_OPTIONS_PRIVATE_DENY_DOS;
1299 if (is_executable(smb_fname->base_name)) {
1300 share_mode = FILE_SHARE_READ|FILE_SHARE_WRITE;
1301 } else {
1302 if (GET_OPENX_MODE(deny_mode) == DOS_OPEN_RDONLY) {
1303 share_mode = FILE_SHARE_READ;
1304 } else {
1305 share_mode = FILE_SHARE_NONE;
1306 }
1307 }
1308 break;
1309
1310 case DENY_FCB:
1311 private_flags |= NTCREATEX_OPTIONS_PRIVATE_DENY_FCB;
1312 share_mode = FILE_SHARE_NONE;
1313 break;
1314
1315 default:
1316 DEBUG(10,("map_open_params_to_ntcreate: bad deny_mode 0x%x\n",
1317 (unsigned int)GET_DENY_MODE(deny_mode) ));
1318 return False;
1319 }
1320
1321 DEBUG(10,("map_open_params_to_ntcreate: file %s, access_mask = 0x%x, "
1322 "share_mode = 0x%x, create_disposition = 0x%x, "
1323 "create_options = 0x%x private_flags = 0x%x\n",
1324 smb_fname_str_dbg(smb_fname),
1325 (unsigned int)access_mask,
1326 (unsigned int)share_mode,
1327 (unsigned int)create_disposition,
1328 (unsigned int)create_options,
1329 (unsigned int)private_flags));
1330
1331 if (paccess_mask) {
1332 *paccess_mask = access_mask;
1333 }
1334 if (pshare_mode) {
1335 *pshare_mode = share_mode;
1336 }
1337 if (pcreate_disposition) {
1338 *pcreate_disposition = create_disposition;
1339 }
1340 if (pcreate_options) {
1341 *pcreate_options = create_options;
1342 }
1343 if (pprivate_flags) {
1344 *pprivate_flags = private_flags;
1345 }
1346
1347 return True;
1348
1349 }
1350
1351 static void schedule_defer_open(struct share_mode_lock *lck,
1352 struct timeval request_time,
1353 struct smb_request *req)
1354 {
1355 struct deferred_open_record state;
1356
1357 /* This is a relative time, added to the absolute
1358 request_time value to get the absolute timeout time.
1359 Note that if this is the second or greater time we enter
1360 this codepath for this particular request mid then
1361 request_time is left as the absolute time of the *first*
1362 time this request mid was processed. This is what allows
1363 the request to eventually time out. */
1364
1365 struct timeval timeout;
1366
1367 /* Normally the smbd we asked should respond within
1368 * OPLOCK_BREAK_TIMEOUT seconds regardless of whether
1369 * the client did, give twice the timeout as a safety
1370 * measure here in case the other smbd is stuck
1371 * somewhere else. */
1372
1373 timeout = timeval_set(OPLOCK_BREAK_TIMEOUT*2, 0);
1374
1375 /* Nothing actually uses state.delayed_for_oplocks
1376 but it's handy to differentiate in debug messages
1377 between a 30 second delay due to oplock break, and
1378 a 1 second delay for share mode conflicts. */
1379
1380 state.delayed_for_oplocks = True;
1381 state.id = lck->id;
1382
1383 if (!request_timed_out(request_time, timeout)) {
1384 defer_open(lck, request_time, timeout, req, &state);
1385 }
1386 }
1387
1388 /****************************************************************************
1389 Work out what access_mask to use from what the client sent us.
1390 ****************************************************************************/
1391
1392 static NTSTATUS calculate_access_mask(connection_struct *conn,
1393 const struct smb_filename *smb_fname,
1394 bool file_existed,
1395 uint32_t access_mask,
1396 uint32_t *access_mask_out)
1397 {
1398 NTSTATUS status;
1399
1400 /*
1401 * Convert GENERIC bits to specific bits.
1402 */
1403
1404 se_map_generic(&access_mask, &file_generic_mapping);
1405
1406 /* Calculate MAXIMUM_ALLOWED_ACCESS if requested. */
1407 if (access_mask & MAXIMUM_ALLOWED_ACCESS) {
1408 if (file_existed) {
1409
1410 struct security_descriptor *sd;
1411 uint32_t access_granted = 0;
1412
1413 status = SMB_VFS_GET_NT_ACL(conn, smb_fname->base_name,
1414 (OWNER_SECURITY_INFORMATION |
1415 GROUP_SECURITY_INFORMATION |
1416 DACL_SECURITY_INFORMATION),&sd);
1417
1418 if (!NT_STATUS_IS_OK(status)) {
1419 DEBUG(10, ("calculate_access_mask: Could not get acl "
1420 "on file %s: %s\n",
1421 smb_fname_str_dbg(smb_fname),
1422 nt_errstr(status)));
1423 return NT_STATUS_ACCESS_DENIED;
1424 }
1425
1426 status = smb1_file_se_access_check(conn,
1427 sd,
1428 get_current_nttok(conn),
1429 access_mask,
1430 &access_granted);
1431
1432 TALLOC_FREE(sd);
1433
1434 if (!NT_STATUS_IS_OK(status)) {
1435 DEBUG(10, ("calculate_access_mask: Access denied on "
1436 "file %s: when calculating maximum access\n",
1437 smb_fname_str_dbg(smb_fname)));
1438 return NT_STATUS_ACCESS_DENIED;
1439 }
1440
1441 access_mask = access_granted;
1442 } else {
1443 access_mask = FILE_GENERIC_ALL;
1444 }
1445 }
1446
1447 *access_mask_out = access_mask;
1448 return NT_STATUS_OK;
1449 }
1450
1451 /****************************************************************************
1452 Open a file with a share mode. Passed in an already created files_struct *.
1453 ****************************************************************************/
1454
1455 static NTSTATUS open_file_ntcreate(connection_struct *conn,
1456 struct smb_request *req,
1457 uint32 access_mask, /* access bits (FILE_READ_DATA etc.) */
1458 uint32 share_access, /* share constants (FILE_SHARE_READ etc) */
1459 uint32 create_disposition, /* FILE_OPEN_IF etc. */
1460 uint32 create_options, /* options such as delete on close. */
1461 uint32 new_dos_attributes, /* attributes used for new file. */
1462 int oplock_request, /* internal Samba oplock codes. */
1463 /* Information (FILE_EXISTS etc.) */
1464 uint32_t private_flags, /* Samba specific flags. */
1465 int *pinfo,
1466 files_struct *fsp)
1467 {
1468 struct smb_filename *smb_fname = fsp->fsp_name;
1469 int flags=0;
1470 int flags2=0;
1471 bool file_existed = VALID_STAT(smb_fname->st);
1472 bool def_acl = False;
1473 bool posix_open = False;
1474 bool new_file_created = False;
1475 bool clear_ads = false;
1476 struct file_id id;
1477 NTSTATUS fsp_open = NT_STATUS_ACCESS_DENIED;
1478 mode_t new_unx_mode = (mode_t)0;
1479 mode_t unx_mode = (mode_t)0;
1480 int info;
1481 uint32 existing_dos_attributes = 0;
1482 struct timeval request_time = timeval_zero();
1483 struct share_mode_lock *lck = NULL;
1484 uint32 open_access_mask = access_mask;
1485 NTSTATUS status;
1486 char *parent_dir;
1487
1488 ZERO_STRUCT(id);
1489
1490 if (conn->printer) {
1491 /*
1492 * Printers are handled completely differently.
1493 * Most of the passed parameters are ignored.
1494 */
1495
1496 if (pinfo) {
1497 *pinfo = FILE_WAS_CREATED;
1498 }
1499
1500 DEBUG(10, ("open_file_ntcreate: printer open fname=%s\n",
1501 smb_fname_str_dbg(smb_fname)));
1502
1503 if (!req) {
1504 DEBUG(0,("open_file_ntcreate: printer open without "
1505 "an SMB request!\n"));
1506 return NT_STATUS_INTERNAL_ERROR;
1507 }
1508
1509 return print_fsp_open(req, conn, smb_fname->base_name,
1510 req->vuid, fsp);
1511 }
1512
1513 if (!parent_dirname(talloc_tos(), smb_fname->base_name, &parent_dir,
1514 NULL)) {
1515 return NT_STATUS_NO_MEMORY;
1516 }
1517
1518 if (new_dos_attributes & FILE_FLAG_POSIX_SEMANTICS) {
1519 posix_open = True;
1520 unx_mode = (mode_t)(new_dos_attributes & ~FILE_FLAG_POSIX_SEMANTICS);
1521 new_dos_attributes = 0;
1522 } else {
1523 /* We add aARCH to this as this mode is only used if the file is
1524 * created new. */
1525 unx_mode = unix_mode(conn, new_dos_attributes | aARCH,
1526 smb_fname, parent_dir);
1527 }
1528
1529 DEBUG(10, ("open_file_ntcreate: fname=%s, dos_attrs=0x%x "
1530 "access_mask=0x%x share_access=0x%x "
1531 "create_disposition = 0x%x create_options=0x%x "
1532 "unix mode=0%o oplock_request=%d private_flags = 0x%x\n",
1533 smb_fname_str_dbg(smb_fname), new_dos_attributes,
1534 access_mask, share_access, create_disposition,
1535 create_options, (unsigned int)unx_mode, oplock_request,
1536 (unsigned int)private_flags));
1537
1538 if ((req == NULL) && ((oplock_request & INTERNAL_OPEN_ONLY) == 0)) {
1539 DEBUG(0, ("No smb request but not an internal only open!\n"));
1540 return NT_STATUS_INTERNAL_ERROR;
1541 }
1542
1543 /*
1544 * Only non-internal opens can be deferred at all
1545 */
1546
1547 if (req) {
1548 void *ptr;
1549 if (get_deferred_open_message_state(req->mid,
1550 &request_time,
1551 &ptr)) {
1552
1553 struct deferred_open_record *state = (struct deferred_open_record *)ptr;
1554 /* Remember the absolute time of the original
1555 request with this mid. We'll use it later to
1556 see if this has timed out. */
1557
1558 /* Remove the deferred open entry under lock. */
1559 lck = get_share_mode_lock(talloc_tos(), state->id,
1560 NULL, NULL, NULL);
1561 if (lck == NULL) {
1562 DEBUG(0, ("could not get share mode lock\n"));
1563 } else {
1564 del_deferred_open_entry(lck, req->mid);
1565 TALLOC_FREE(lck);
1566 }
1567
1568 /* Ensure we don't reprocess this message. */
1569 remove_deferred_open_message_smb(req->mid);
1570 }
1571 }
1572
1573 status = check_name(conn, smb_fname->base_name);
1574 if (!NT_STATUS_IS_OK(status)) {
1575 return status;
1576 }
1577
1578 if (!posix_open) {
1579 new_dos_attributes &= SAMBA_ATTRIBUTES_MASK;
1580 if (file_existed) {
1581 existing_dos_attributes = dos_mode(conn, smb_fname);
1582 }
1583 }
1584
1585 /* ignore any oplock requests if oplocks are disabled */
1586 if (!lp_oplocks(SNUM(conn)) || global_client_failed_oplock_break ||
1587 IS_VETO_OPLOCK_PATH(conn, smb_fname->base_name)) {
1588 /* Mask off everything except the private Samba bits. */
1589 oplock_request &= SAMBA_PRIVATE_OPLOCK_MASK;
1590 }
1591
1592 /* this is for OS/2 long file names - say we don't support them */
1593 if (!lp_posix_pathnames() && strstr(smb_fname->base_name,".+,;=[].")) {
1594 /* OS/2 Workplace shell fix may be main code stream in a later
1595 * release. */
1596 DEBUG(5,("open_file_ntcreate: OS/2 long filenames are not "
1597 "supported.\n"));
1598 if (use_nt_status()) {
1599 return NT_STATUS_OBJECT_NAME_NOT_FOUND;
1600 }
1601 return NT_STATUS_DOS(ERRDOS, ERRcannotopen);
1602 }
1603
1604 switch( create_disposition ) {
1605 /*
1606 * Currently we're using FILE_SUPERSEDE as the same as
1607 * FILE_OVERWRITE_IF but they really are
1608 * different. FILE_SUPERSEDE deletes an existing file
1609 * (requiring delete access) then recreates it.
1610 */
1611 case FILE_SUPERSEDE:
1612 /* If file exists replace/overwrite. If file doesn't
1613 * exist create. */
1614 flags2 |= (O_CREAT | O_TRUNC);
1615 clear_ads = true;
1616 break;
1617
1618 case FILE_OVERWRITE_IF:
1619 /* If file exists replace/overwrite. If file doesn't
1620 * exist create. */
1621 flags2 |= (O_CREAT | O_TRUNC);
1622 clear_ads = true;
1623 break;
1624
1625 case FILE_OPEN:
1626 /* If file exists open. If file doesn't exist error. */
1627 if (!file_existed) {
1628 DEBUG(5,("open_file_ntcreate: FILE_OPEN "
1629 "requested for file %s and file "
1630 "doesn't exist.\n",
1631 smb_fname_str_dbg(smb_fname)));
1632 errno = ENOENT;
1633 return NT_STATUS_OBJECT_NAME_NOT_FOUND;
1634 }
1635 break;
1636
1637 case FILE_OVERWRITE:
1638 /* If file exists overwrite. If file doesn't exist
1639 * error. */
1640 if (!file_existed) {
1641 DEBUG(5,("open_file_ntcreate: FILE_OVERWRITE "
1642 "requested for file %s and file "
1643 "doesn't exist.\n",
1644 smb_fname_str_dbg(smb_fname) ));
1645 errno = ENOENT;
1646 return NT_STATUS_OBJECT_NAME_NOT_FOUND;
1647 }
1648 flags2 |= O_TRUNC;
1649 clear_ads = true;
1650 break;
1651
1652 case FILE_CREATE:
1653 /* If file exists error. If file doesn't exist
1654 * create. */
1655 if (file_existed) {
1656 DEBUG(5,("open_file_ntcreate: FILE_CREATE "
1657 "requested for file %s and file "
1658 "already exists.\n",
1659 smb_fname_str_dbg(smb_fname)));
1660 if (S_ISDIR(smb_fname->st.st_ex_mode)) {
1661 errno = EISDIR;
1662 } else {
1663 errno = EEXIST;
1664 }
1665 return map_nt_error_from_unix(errno);
1666 }
1667 flags2 |= (O_CREAT|O_EXCL);
1668 break;
1669
1670 case FILE_OPEN_IF:
1671 /* If file exists open. If file doesn't exist
1672 * create. */
1673 flags2 |= O_CREAT;
1674 break;
1675
1676 default:
1677 return NT_STATUS_INVALID_PARAMETER;
1678 }
1679
1680 /* We only care about matching attributes on file exists and
1681 * overwrite. */
1682
1683 if (!posix_open && file_existed && ((create_disposition == FILE_OVERWRITE) ||
1684 (create_disposition == FILE_OVERWRITE_IF))) {
1685 if (!open_match_attributes(conn, existing_dos_attributes,
1686 new_dos_attributes,
1687 smb_fname->st.st_ex_mode,
1688 unx_mode, &new_unx_mode)) {
1689 DEBUG(5,("open_file_ntcreate: attributes missmatch "
1690 "for file %s (%x %x) (0%o, 0%o)\n",
1691 smb_fname_str_dbg(smb_fname),
1692 existing_dos_attributes,
1693 new_dos_attributes,
1694 (unsigned int)smb_fname->st.st_ex_mode,
1695 (unsigned int)unx_mode ));
1696 errno = EACCES;
1697 return NT_STATUS_ACCESS_DENIED;
1698 }
1699 }
1700
1701 status = calculate_access_mask(conn, smb_fname, file_existed,
1702 access_mask,
1703 &access_mask);
1704 if (!NT_STATUS_IS_OK(status)) {
1705 DEBUG(10, ("open_file_ntcreate: calculate_access_mask "
1706 "on file %s returned %s\n",
1707 smb_fname_str_dbg(smb_fname), nt_errstr(status)));
1708 return status;
1709 }
1710
1711 open_access_mask = access_mask;
1712
1713 if ((flags2 & O_TRUNC) || (oplock_request & FORCE_OPLOCK_BREAK_TO_NONE)) {
1714 open_access_mask |= FILE_WRITE_DATA; /* This will cause oplock breaks. */
1715 }
1716
1717 DEBUG(10, ("open_file_ntcreate: fname=%s, after mapping "
1718 "access_mask=0x%x\n", smb_fname_str_dbg(smb_fname),
1719 access_mask));
1720
1721 /*
1722 * Note that we ignore the append flag as append does not
1723 * mean the same thing under DOS and Unix.
1724 */
1725
1726 if ((access_mask & (FILE_WRITE_DATA | FILE_APPEND_DATA)) ||
1727 (oplock_request & FORCE_OPLOCK_BREAK_TO_NONE)) {
1728 /* DENY_DOS opens are always underlying read-write on the
1729 file handle, no matter what the requested access mask
1730 says. */
1731 if ((private_flags & NTCREATEX_OPTIONS_PRIVATE_DENY_DOS) ||
1732 access_mask & (FILE_READ_ATTRIBUTES|FILE_READ_DATA|FILE_READ_EA|FILE_EXECUTE)) {
1733 flags = O_RDWR;
1734 } else {
1735 flags = O_WRONLY;
1736 }
1737 } else {
1738 flags = O_RDONLY;
1739 }
1740
1741 /*
1742 * Currently we only look at FILE_WRITE_THROUGH for create options.
1743 */
1744
1745 #if defined(O_SYNC)
1746 if ((create_options & FILE_WRITE_THROUGH) && lp_strict_sync(SNUM(conn))) {
1747 flags2 |= O_SYNC;
1748 }
1749 #endif /* O_SYNC */
1750
1751 if (posix_open && (access_mask & FILE_APPEND_DATA)) {
1752 flags2 |= O_APPEND;
1753 }
1754
1755 if (!posix_open && !CAN_WRITE(conn)) {
1756 /*
1757 * We should really return a permission denied error if either
1758 * O_CREAT or O_TRUNC are set, but for compatibility with
1759 * older versions of Samba we just AND them out.
1760 */
1761 flags2 &= ~(O_CREAT|O_TRUNC);
1762 }
1763
1764 /*
1765 * Ensure we can't write on a read-only share or file.
1766 */
1767
1768 if (flags != O_RDONLY && file_existed &&
1769 (!CAN_WRITE(conn) || IS_DOS_READONLY(existing_dos_attributes))) {
1770 DEBUG(5,("open_file_ntcreate: write access requested for "
1771 "file %s on read only %s\n",
1772 smb_fname_str_dbg(smb_fname),
1773 !CAN_WRITE(conn) ? "share" : "file" ));
1774 errno = EACCES;
1775 return NT_STATUS_ACCESS_DENIED;
1776 }
1777
1778 fsp->file_id = vfs_file_id_from_sbuf(conn, &smb_fname->st);
1779 fsp->share_access = share_access;
1780 fsp->fh->private_options = private_flags;
1781 fsp->access_mask = open_access_mask; /* We change this to the
1782 * requested access_mask after
1783 * the open is done. */
1784 fsp->posix_open = posix_open;
1785
1786 /* Ensure no SAMBA_PRIVATE bits can be set. */
1787 fsp->oplock_type = (oplock_request & ~SAMBA_PRIVATE_OPLOCK_MASK);
1788
1789 if (timeval_is_zero(&request_time)) {
1790 request_time = fsp->open_time;
1791 }
1792
1793 if (file_existed) {
1794 struct timespec old_write_time = smb_fname->st.st_ex_mtime;
1795 id = vfs_file_id_from_sbuf(conn, &smb_fname->st);
1796
1797 lck = get_share_mode_lock(talloc_tos(), id,
1798 conn->connectpath,
1799 smb_fname, &old_write_time);
1800
1801 if (lck == NULL) {
1802 DEBUG(0, ("Could not get share mode lock\n"));
1803 return NT_STATUS_SHARING_VIOLATION;
1804 }
1805
1806 /* First pass - send break only on batch oplocks. */
1807 if ((req != NULL)
1808 && delay_for_oplocks(lck, fsp, req->mid, 1,
1809 oplock_request)) {
1810 schedule_defer_open(lck, request_time, req);
1811 TALLOC_FREE(lck);
1812 return NT_STATUS_SHARING_VIOLATION;
1813 }
1814
1815 /* Use the client requested access mask here, not the one we
1816 * open with. */
1817 status = open_mode_check(conn, lck, access_mask, share_access,
1818 create_options, &file_existed);
1819
1820 if (NT_STATUS_IS_OK(status)) {
1821 /* We might be going to allow this open. Check oplock
1822 * status again. */
1823 /* Second pass - send break for both batch or
1824 * exclusive oplocks. */
1825 if ((req != NULL)
1826 && delay_for_oplocks(lck, fsp, req->mid, 2,
1827 oplock_request)) {
1828 schedule_defer_open(lck, request_time, req);
1829 TALLOC_FREE(lck);
1830 return NT_STATUS_SHARING_VIOLATION;
1831 }
1832 }
1833
1834 if (NT_STATUS_EQUAL(status, NT_STATUS_DELETE_PENDING)) {
1835 /* DELETE_PENDING is not deferred for a second */
1836 TALLOC_FREE(lck);
1837 return status;
1838 }
1839
1840 if (!NT_STATUS_IS_OK(status)) {
1841 uint32 can_access_mask;
1842 bool can_access = True;
1843
1844 SMB_ASSERT(NT_STATUS_EQUAL(status, NT_STATUS_SHARING_VIOLATION));
1845
1846 /* Check if this can be done with the deny_dos and fcb
1847 * calls. */
1848 if (private_flags &
1849 (NTCREATEX_OPTIONS_PRIVATE_DENY_DOS|
1850 NTCREATEX_OPTIONS_PRIVATE_DENY_FCB)) {
1851 if (req == NULL) {
1852 DEBUG(0, ("DOS open without an SMB "
1853 "request!\n"));
1854 TALLOC_FREE(lck);
1855 return NT_STATUS_INTERNAL_ERROR;
1856 }
1857
1858 /* Use the client requested access mask here,
1859 * not the one we open with. */
1860 status = fcb_or_dos_open(req,
1861 conn,
1862 fsp,
1863 smb_fname,
1864 id,
1865 req->smbpid,
1866 req->vuid,
1867 access_mask,
1868 share_access,
1869 create_options);
1870
1871 if (NT_STATUS_IS_OK(status)) {
1872 TALLOC_FREE(lck);
1873 if (pinfo) {
1874 *pinfo = FILE_WAS_OPENED;
1875 }
1876 return NT_STATUS_OK;
1877 }
1878 }
1879
1880 /*
1881 * This next line is a subtlety we need for
1882 * MS-Access. If a file open will fail due to share
1883 * permissions and also for security (access) reasons,
1884 * we need to return the access failed error, not the
1885 * share error. We can't open the file due to kernel
1886 * oplock deadlock (it's possible we failed above on
1887 * the open_mode_check()) so use a userspace check.
1888 */
1889
1890 if (flags & O_RDWR) {
1891 can_access_mask = FILE_READ_DATA|FILE_WRITE_DATA;
1892 } else if (flags & O_WRONLY) {
1893 can_access_mask = FILE_WRITE_DATA;
1894 } else {
1895 can_access_mask = FILE_READ_DATA;
1896 }
1897
1898 if (((can_access_mask & FILE_WRITE_DATA) &&
1899 !CAN_WRITE(conn)) ||
1900 !can_access_file_data(conn, smb_fname,
1901 can_access_mask)) {
1902 can_access = False;
1903 }
1904
1905 /*
1906 * If we're returning a share violation, ensure we
1907 * cope with the braindead 1 second delay.
1908 */
1909
1910 if (!(oplock_request & INTERNAL_OPEN_ONLY) &&
1911 lp_defer_sharing_violations()) {
1912 struct timeval timeout;
1913 struct deferred_open_record state;
1914 int timeout_usecs;
1915
1916 /* this is a hack to speed up torture tests
1917 in 'make test' */
1918 timeout_usecs = lp_parm_int(SNUM(conn),
1919 "smbd","sharedelay",
1920 SHARING_VIOLATION_USEC_WAIT);
1921
1922 /* This is a relative time, added to the absolute
1923 request_time value to get the absolute timeout time.
1924 Note that if this is the second or greater time we enter
1925 this codepath for this particular request mid then
1926 request_time is left as the absolute time of the *first*
1927 time this request mid was processed. This is what allows
1928 the request to eventually time out. */
1929
1930 timeout = timeval_set(0, timeout_usecs);
1931
1932 /* Nothing actually uses state.delayed_for_oplocks
1933 but it's handy to differentiate in debug messages
1934 between a 30 second delay due to oplock break, and
1935 a 1 second delay for share mode conflicts. */
1936
1937 state.delayed_for_oplocks = False;
1938 state.id = id;
1939
1940 if ((req != NULL)
1941 && !request_timed_out(request_time,
1942 timeout)) {
1943 defer_open(lck, request_time, timeout,
1944 req, &state);
1945 }
1946 }
1947
1948 TALLOC_FREE(lck);
1949 if (can_access) {
1950 /*
1951 * We have detected a sharing violation here
1952 * so return the correct error code
1953 */
1954 status = NT_STATUS_SHARING_VIOLATION;
1955 } else {
1956 status = NT_STATUS_ACCESS_DENIED;
1957 }
1958 return status;
1959 }
1960
1961 /*
1962 * We exit this block with the share entry *locked*.....
1963 */
1964 }
1965
1966 SMB_ASSERT(!file_existed || (lck != NULL));
1967
1968 /*
1969 * Ensure we pay attention to default ACLs on directories if required.
1970 */
1971
1972 if ((flags2 & O_CREAT) && lp_inherit_acls(SNUM(conn)) &&
1973 (def_acl = directory_has_default_acl(conn, parent_dir))) {
1974 unx_mode = 0777;
1975 }
1976
1977 DEBUG(4,("calling open_file with flags=0x%X flags2=0x%X mode=0%o, "
1978 "access_mask = 0x%x, open_access_mask = 0x%x\n",
1979 (unsigned int)flags, (unsigned int)flags2,
1980 (unsigned int)unx_mode, (unsigned int)access_mask,
1981 (unsigned int)open_access_mask));
1982
1983 /*
1984 * open_file strips any O_TRUNC flags itself.
1985 */
1986
1987 fsp_open = open_file(fsp, conn, req, parent_dir,
1988 flags|flags2, unx_mode, access_mask,
1989 open_access_mask);
1990
1991 if (!NT_STATUS_IS_OK(fsp_open)) {
1992 if (lck != NULL) {
1993 TALLOC_FREE(lck);
1994 }
1995 return fsp_open;
1996 }
1997
1998 if (!file_existed) {
1999 struct timespec old_write_time = smb_fname->st.st_ex_mtime;
2000 /*
2001 * Deal with the race condition where two smbd's detect the
2002 * file doesn't exist and do the create at the same time. One
2003 * of them will win and set a share mode, the other (ie. this
2004 * one) should check if the requested share mode for this
2005 * create is allowed.
2006 */
2007
2008 /*
2009 * Now the file exists and fsp is successfully opened,
2010 * fsp->dev and fsp->inode are valid and should replace the
2011 * dev=0,inode=0 from a non existent file. Spotted by
2012 * Nadav Danieli <nadavd@exanet.com>. JRA.
2013 */
2014
2015 id = fsp->file_id;
2016
2017 lck = get_share_mode_lock(talloc_tos(), id,
2018 conn->connectpath,
2019 smb_fname, &old_write_time);
2020
2021 if (lck == NULL) {
2022 DEBUG(0, ("open_file_ntcreate: Could not get share "
2023 "mode lock for %s\n",
2024 smb_fname_str_dbg(smb_fname)));
2025 fd_close(fsp);
2026 return NT_STATUS_SHARING_VIOLATION;
2027 }
2028
2029 /* First pass - send break only on batch oplocks. */
2030 if ((req != NULL)
2031 && delay_for_oplocks(lck, fsp, req->mid, 1,
2032 oplock_request)) {
2033 schedule_defer_open(lck, request_time, req);
2034 TALLOC_FREE(lck);
2035 fd_close(fsp);
2036 return NT_STATUS_SHARING_VIOLATION;
2037 }
2038
2039 status = open_mode_check(conn, lck, access_mask, share_access,
2040 create_options, &file_existed);
2041
2042 if (NT_STATUS_IS_OK(status)) {
2043 /* We might be going to allow this open. Check oplock
2044 * status again. */
2045 /* Second pass - send break for both batch or
2046 * exclusive oplocks. */
2047 if ((req != NULL)
2048 && delay_for_oplocks(lck, fsp, req->mid, 2,
2049 oplock_request)) {
2050 schedule_defer_open(lck, request_time, req);
2051 TALLOC_FREE(lck);
2052 fd_close(fsp);
2053 return NT_STATUS_SHARING_VIOLATION;
2054 }
2055 }
2056
2057 if (!NT_STATUS_IS_OK(status)) {
2058 struct deferred_open_record state;
2059
2060 fd_close(fsp);
2061
2062 state.delayed_for_oplocks = False;
2063 state.id = id;
2064
2065 /* Do it all over again immediately. In the second
2066 * round we will find that the file existed and handle
2067 * the DELETE_PENDING and FCB cases correctly. No need
2068 * to duplicate the code here. Essentially this is a
2069 * "goto top of this function", but don't tell
2070 * anybody... */
2071
2072 if (req != NULL) {
2073 defer_open(lck, request_time, timeval_zero(),
2074 req, &state);
2075 }
2076 TALLOC_FREE(lck);
2077 return status;
2078 }
2079
2080 /*
2081 * We exit this block with the share entry *locked*.....
2082 */
2083
2084 }
2085
2086 SMB_ASSERT(lck != NULL);
2087
2088 /* Delete streams if create_disposition requires it */
2089 if (file_existed && clear_ads &&
2090 !is_ntfs_stream_smb_fname(smb_fname)) {
2091 status = delete_all_streams(conn, smb_fname->base_name);
2092 if (!NT_STATUS_IS_OK(status)) {
2093 TALLOC_FREE(lck);
2094 fd_close(fsp);
2095 return status;
2096 }
2097 }
2098
2099 /* note that we ignore failure for the following. It is
2100 basically a hack for NFS, and NFS will never set one of
2101 these only read them. Nobody but Samba can ever set a deny
2102 mode and we have already checked our more authoritative
2103 locking database for permission to set this deny mode. If
2104 the kernel refuses the operations then the kernel is wrong.
2105 note that GPFS supports it as well - jmcd */
2106
2107 if (fsp->fh->fd != -1) {
2108 int ret_flock;
2109 ret_flock = SMB_VFS_KERNEL_FLOCK(fsp, share_access, access_mask);
2110 if(ret_flock == -1 ){
2111
2112 TALLOC_FREE(lck);
2113 fd_close(fsp);
2114
2115 return NT_STATUS_SHARING_VIOLATION;
2116 }
2117 }
2118
2119 /*
2120 * At this point onwards, we can guarentee that the share entry
2121 * is locked, whether we created the file or not, and that the
2122 * deny mode is compatible with all current opens.
2123 */
2124
2125 /*
2126 * If requested, truncate the file.
2127 */
2128
2129 if (flags2&O_TRUNC) {
2130 /*
2131 * We are modifing the file after open - update the stat
2132 * struct..
2133 */
2134 if ((SMB_VFS_FTRUNCATE(fsp, 0) == -1) ||
2135 (SMB_VFS_FSTAT(fsp, &smb_fname->st)==-1)) {
2136 status = map_nt_error_from_unix(errno);
2137 TALLOC_FREE(lck);
2138 fd_close(fsp);
2139 return status;
2140 }
2141 }
2142
2143 /*
2144 * According to Samba4, SEC_FILE_READ_ATTRIBUTE is always granted,
2145 */
2146 fsp->access_mask = access_mask | FILE_READ_ATTRIBUTES;
2147
2148 if (file_existed) {
2149 /* stat opens on existing files don't get oplocks. */
2150 if (is_stat_open(open_access_mask)) {
2151 fsp->oplock_type = NO_OPLOCK;
2152 }
2153
2154 if (!(flags2 & O_TRUNC)) {
2155 info = FILE_WAS_OPENED;
2156 } else {
2157 info = FILE_WAS_OVERWRITTEN;
2158 }
2159 } else {
2160 info = FILE_WAS_CREATED;
2161 }
2162
2163 if (pinfo) {
2164 *pinfo = info;
2165 }
2166
2167 /*
2168 * Setup the oplock info in both the shared memory and
2169 * file structs.
2170 */
2171
2172 if (!set_file_oplock(fsp, fsp->oplock_type)) {
2173 /* Could not get the kernel oplock */
2174 fsp->oplock_type = NO_OPLOCK;
2175 }
2176
2177 if (info == FILE_WAS_OVERWRITTEN || info == FILE_WAS_CREATED || info == FILE_WAS_SUPERSEDED) {
2178 new_file_created = True;
2179 }
2180
2181 set_share_mode(lck, fsp, get_current_uid(conn), 0,
2182 fsp->oplock_type);
2183
2184 /* Handle strange delete on close create semantics. */
2185 if (create_options & FILE_DELETE_ON_CLOSE) {
2186
2187 status = can_set_delete_on_close(fsp, new_dos_attributes);
2188
2189 if (!NT_STATUS_IS_OK(status)) {
2190 /* Remember to delete the mode we just added. */
2191 del_share_mode(lck, fsp);
2192 TALLOC_FREE(lck);
2193 fd_close(fsp);
2194 return status;
2195 }
2196 /* Note that here we set the *inital* delete on close flag,
2197 not the regular one. The magic gets handled in close. */
2198 fsp->initial_delete_on_close = True;
2199 }
2200
2201 if (new_file_created) {
2202 /* Files should be initially set as archive */
2203 if (lp_map_archive(SNUM(conn)) ||
2204 lp_store_dos_attributes(SNUM(conn))) {
2205 if (!posix_open) {
2206 if (file_set_dosmode(conn, smb_fname,
2207 new_dos_attributes | aARCH,
2208 parent_dir, true) == 0) {
2209 unx_mode = smb_fname->st.st_ex_mode;
2210 }
2211 }
2212 }
2213 }
2214
2215 /*
2216 * Take care of inherited ACLs on created files - if default ACL not
2217 * selected.
2218 */
2219
2220 if (!posix_open && !file_existed && !def_acl) {
2221
2222 int saved_errno = errno; /* We might get ENOSYS in the next
2223 * call.. */
2224
2225 if (SMB_VFS_FCHMOD_ACL(fsp, unx_mode) == -1 &&
2226 errno == ENOSYS) {
2227 errno = saved_errno; /* Ignore ENOSYS */
2228 }
2229
2230 } else if (new_unx_mode) {
2231
2232 int ret = -1;
2233
2234 /* Attributes need changing. File already existed. */
2235
2236 {
2237 int saved_errno = errno; /* We might get ENOSYS in the
2238 * next call.. */
2239 ret = SMB_VFS_FCHMOD_ACL(fsp, new_unx_mode);
2240
2241 if (ret == -1 && errno == ENOSYS) {
2242 errno = saved_errno; /* Ignore ENOSYS */
2243 } else {
2244 DEBUG(5, ("open_file_ntcreate: reset "
2245 "attributes of file %s to 0%o\n",
2246 smb_fname_str_dbg(smb_fname),
2247 (unsigned int)new_unx_mode));
2248 ret = 0; /* Don't do the fchmod below. */
2249 }
2250 }
2251
2252 if ((ret == -1) &&
2253 (SMB_VFS_FCHMOD(fsp, new_unx_mode) == -1))
2254 DEBUG(5, ("open_file_ntcreate: failed to reset "
2255 "attributes of file %s to 0%o\n",
2256 smb_fname_str_dbg(smb_fname),
2257 (unsigned int)new_unx_mode));
2258 }
2259
2260 /* If this is a successful open, we must remove any deferred open
2261 * records. */
2262 if (req != NULL) {
2263 del_deferred_open_entry(lck, req->mid);
2264 }
2265 TALLOC_FREE(lck);
2266
2267 return NT_STATUS_OK;
2268 }
2269
2270
2271 /****************************************************************************
2272 Open a file for for write to ensure that we can fchmod it.
2273 ****************************************************************************/
2274
2275 NTSTATUS open_file_fchmod(struct smb_request *req, connection_struct *conn,
2276 struct smb_filename *smb_fname,
2277 files_struct **result)
2278 {
2279 files_struct *fsp = NULL;
2280 NTSTATUS status;
2281
2282 if (!VALID_STAT(smb_fname->st)) {
2283 return NT_STATUS_INVALID_PARAMETER;
2284 }
2285
2286 status = file_new(req, conn, &fsp);
2287 if(!NT_STATUS_IS_OK(status)) {
2288 return status;
2289 }
2290
2291 status = SMB_VFS_CREATE_FILE(
2292 conn, /* conn */
2293 NULL, /* req */
2294 0, /* root_dir_fid */
2295 smb_fname, /* fname */
2296 FILE_WRITE_DATA, /* access_mask */
2297 (FILE_SHARE_READ | FILE_SHARE_WRITE | /* share_access */
2298 FILE_SHARE_DELETE),
2299 FILE_OPEN, /* create_disposition*/
2300 0, /* create_options */
2301 0, /* file_attributes */
2302 0, /* oplock_request */
2303 0, /* allocation_size */
2304 0, /* private_flags */
2305 NULL, /* sd */
2306 NULL, /* ea_list */
2307 &fsp, /* result */
2308 NULL); /* pinfo */
2309
2310 /*
2311 * This is not a user visible file open.
2312 * Don't set a share mode.
2313 */
2314
2315 if (!NT_STATUS_IS_OK(status)) {
2316 file_free(req, fsp);
2317 return status;
2318 }
2319
2320 *result = fsp;
2321 return NT_STATUS_OK;
2322 }
2323
2324 /****************************************************************************
2325 Close the fchmod file fd - ensure no locks are lost.
2326 ****************************************************************************/
2327
2328 NTSTATUS close_file_fchmod(struct smb_request *req, files_struct *fsp)
2329 {
2330 NTSTATUS status = fd_close(fsp);
2331 file_free(req, fsp);
2332 return status;
2333 }
2334
2335 static NTSTATUS mkdir_internal(connection_struct *conn,
2336 struct smb_filename *smb_dname,
2337 uint32 file_attributes)
2338 {
2339 mode_t mode;
2340 char *parent_dir;
2341 NTSTATUS status;
2342 bool posix_open = false;
2343
2344 if(!CAN_WRITE(conn)) {
2345 DEBUG(5,("mkdir_internal: failing create on read-only share "
2346 "%s\n", lp_servicename(SNUM(conn))));
2347 return NT_STATUS_ACCESS_DENIED;
2348 }
2349
2350 status = check_name(conn, smb_dname->base_name);
2351 if (!NT_STATUS_IS_OK(status)) {
2352 return status;
2353 }
2354
2355 if (!parent_dirname(talloc_tos(), smb_dname->base_name, &parent_dir,
2356 NULL)) {
2357 return NT_STATUS_NO_MEMORY;
2358 }
2359
2360 if (file_attributes & FILE_FLAG_POSIX_SEMANTICS) {
2361 posix_open = true;
2362 mode = (mode_t)(file_attributes & ~FILE_FLAG_POSIX_SEMANTICS);
2363 } else {
2364 mode = unix_mode(conn, aDIR, smb_dname, parent_dir);
2365 }
2366
2367 if (SMB_VFS_MKDIR(conn, smb_dname->base_name, mode) != 0) {
2368 return map_nt_error_from_unix(errno);
2369 }
2370
2371 /* Ensure we're checking for a symlink here.... */
2372 /* We don't want to get caught by a symlink racer. */
2373
2374 if (SMB_VFS_LSTAT(conn, smb_dname) == -1) {
2375 DEBUG(2, ("Could not stat directory '%s' just created: %s\n",
2376 smb_fname_str_dbg(smb_dname), strerror(errno)));
2377 return map_nt_error_from_unix(errno);
2378 }
2379
2380 if (!S_ISDIR(smb_dname->st.st_ex_mode)) {
2381 DEBUG(0, ("Directory just '%s' created is not a directory\n",
2382 smb_fname_str_dbg(smb_dname)));
2383 return NT_STATUS_ACCESS_DENIED;
2384 }
2385
2386 if (lp_store_dos_attributes(SNUM(conn))) {
2387 if (!posix_open) {
2388 file_set_dosmode(conn, smb_dname,
2389 file_attributes | aDIR,
2390 parent_dir, true);
2391 }
2392 }
2393
2394 if (lp_inherit_perms(SNUM(conn))) {
2395 inherit_access_posix_acl(conn, parent_dir,
2396 smb_dname->base_name, mode);
2397 }
2398
2399 if (!posix_open) {
2400 /*
2401 * Check if high bits should have been set,
2402 * then (if bits are missing): add them.
2403 * Consider bits automagically set by UNIX, i.e. SGID bit from parent
2404 * dir.
2405 */
2406 if ((mode & ~(S_IRWXU|S_IRWXG|S_IRWXO)) &&
2407 (mode & ~smb_dname->st.st_ex_mode)) {
2408 SMB_VFS_CHMOD(conn, smb_dname->base_name,
2409 (smb_dname->st.st_ex_mode |
2410 (mode & ~smb_dname->st.st_ex_mode)));
2411 }
2412 }
2413
2414 /* Change the owner if required. */
2415 if (lp_inherit_owner(SNUM(conn))) {
2416 change_dir_owner_to_parent(conn, parent_dir,
2417 smb_dname->base_name,
2418 &smb_dname->st);
2419 }
2420
2421 notify_fname(conn, NOTIFY_ACTION_ADDED, FILE_NOTIFY_CHANGE_DIR_NAME,
2422 smb_dname->base_name);
2423
2424 return NT_STATUS_OK;
2425 }
2426
2427 /****************************************************************************
2428 Open a directory from an NT SMB call.
2429 ****************************************************************************/
2430
2431 static NTSTATUS open_directory(connection_struct *conn,
2432 struct smb_request *req,
2433 struct smb_filename *smb_dname,
2434 uint32 access_mask,
2435 uint32 share_access,
2436 uint32 create_disposition,
2437 uint32 create_options,
2438 uint32 file_attributes,
2439 int *pinfo,
2440 files_struct **result)
2441 {
2442 files_struct *fsp = NULL;
2443 bool dir_existed = VALID_STAT(smb_dname->st) ? True : False;
2444 struct share_mode_lock *lck = NULL;
2445 NTSTATUS status;
2446 struct timespec mtimespec;
2447 int info = 0;
2448
2449 SMB_ASSERT(!is_ntfs_stream_smb_fname(smb_dname));
2450
2451 DEBUG(5,("open_directory: opening directory %s, access_mask = 0x%x, "
2452 "share_access = 0x%x create_options = 0x%x, "
2453 "create_disposition = 0x%x, file_attributes = 0x%x\n",
2454 smb_fname_str_dbg(smb_dname),
2455 (unsigned int)access_mask,
2456 (unsigned int)share_access,
2457 (unsigned int)create_options,
2458 (unsigned int)create_disposition,
2459 (unsigned int)file_attributes));
2460
2461 if (!(file_attributes & FILE_FLAG_POSIX_SEMANTICS) &&
2462 (conn->fs_capabilities & FILE_NAMED_STREAMS) &&
2463 is_ntfs_stream_smb_fname(smb_dname)) {
2464 DEBUG(2, ("open_directory: %s is a stream name!\n",
2465 smb_fname_str_dbg(smb_dname)));
2466 return NT_STATUS_NOT_A_DIRECTORY;
2467 }
2468
2469 status = calculate_access_mask(conn, smb_dname, dir_existed,
2470 access_mask, &access_mask);
2471 if (!NT_STATUS_IS_OK(status)) {
2472 DEBUG(10, ("open_directory: calculate_access_mask "
2473 "on file %s returned %s\n",
2474 smb_fname_str_dbg(smb_dname),
2475 nt_errstr(status)));
2476 return status;
2477 }
2478
2479 /* We need to support SeSecurityPrivilege for this. */
2480 if (access_mask & SEC_FLAG_SYSTEM_SECURITY) {
2481 DEBUG(10, ("open_directory: open on %s "
2482 "failed - SEC_FLAG_SYSTEM_SECURITY denied.\n",
2483 smb_fname_str_dbg(smb_dname)));
2484 return NT_STATUS_PRIVILEGE_NOT_HELD;
2485 }
2486
2487 switch( create_disposition ) {
2488 case FILE_OPEN:
2489
2490 info = FILE_WAS_OPENED;
2491
2492 /*
2493 * We want to follow symlinks here.
2494 */
2495
2496 if (SMB_VFS_STAT(conn, smb_dname) != 0) {
2497 return map_nt_error_from_unix(errno);
2498 }
2499
2500 break;
2501
2502 case FILE_CREATE:
2503
2504 /* If directory exists error. If directory doesn't
2505 * exist create. */
2506
2507 status = mkdir_internal(conn, smb_dname,
2508 file_attributes);
2509
2510 if (!NT_STATUS_IS_OK(status)) {
2511 DEBUG(2, ("open_directory: unable to create "
2512 "%s. Error was %s\n",
2513 smb_fname_str_dbg(smb_dname),
2514 nt_errstr(status)));
2515 return status;
2516 }
2517
2518 info = FILE_WAS_CREATED;
2519 break;
2520
2521 case FILE_OPEN_IF:
2522 /*
2523 * If directory exists open. If directory doesn't
2524 * exist create.
2525 */
2526
2527 status = mkdir_internal(conn, smb_dname,
2528 file_attributes);
2529
2530 if (NT_STATUS_IS_OK(status)) {
2531 info = FILE_WAS_CREATED;
2532 }
2533
2534 if (NT_STATUS_EQUAL(status,
2535 NT_STATUS_OBJECT_NAME_COLLISION)) {
2536 info = FILE_WAS_OPENED;
2537 status = NT_STATUS_OK;
2538 }
2539
2540 break;
2541
2542 case FILE_SUPERSEDE:
2543 case FILE_OVERWRITE:
2544 case FILE_OVERWRITE_IF:
2545 default:
2546 DEBUG(5,("open_directory: invalid create_disposition "
2547 "0x%x for directory %s\n",
2548 (unsigned int)create_disposition,
2549 smb_fname_str_dbg(smb_dname)));
2550 return NT_STATUS_INVALID_PARAMETER;
2551 }
2552
2553 if(!S_ISDIR(smb_dname->st.st_ex_mode)) {
2554 DEBUG(5,("open_directory: %s is not a directory !\n",
2555 smb_fname_str_dbg(smb_dname)));
2556 return NT_STATUS_NOT_A_DIRECTORY;
2557 }
2558
2559 if (info == FILE_WAS_OPENED) {
2560 uint32_t access_granted = 0;
2561 status = smbd_check_open_rights(conn, smb_dname, access_mask,
2562 &access_granted);
2563
2564 /* Were we trying to do a directory open
2565 * for delete and didn't get DELETE
2566 * access (only) ? Check if the
2567 * directory allows DELETE_CHILD.
2568 * See here:
2569 * http://blogs.msdn.com/oldnewthing/archive/2004/06/04/148426.aspx
2570 * for details. */
2571
2572 if ((NT_STATUS_EQUAL(status, NT_STATUS_ACCESS_DENIED) &&
2573 (access_mask & DELETE_ACCESS) &&
2574 (access_granted == DELETE_ACCESS) &&
2575 can_delete_file_in_directory(conn, smb_dname))) {
2576 DEBUG(10,("open_directory: overrode ACCESS_DENIED "
2577 "on directory %s\n",
2578 smb_fname_str_dbg(smb_dname)));
2579 status = NT_STATUS_OK;
2580 }
2581
2582 if (!NT_STATUS_IS_OK(status)) {
2583 DEBUG(10, ("open_directory: smbd_check_open_rights on "
2584 "file %s failed with %s\n",
2585 smb_fname_str_dbg(smb_dname),
2586 nt_errstr(status)));
2587 return status;
2588 }
2589 }
2590
2591 status = file_new(req, conn, &fsp);
2592 if(!NT_STATUS_IS_OK(status)) {
2593 return status;
2594 }
2595
2596 /*
2597 * Setup the files_struct for it.
2598 */
2599
2600 fsp->mode = smb_dname->st.st_ex_mode;
2601 fsp->file_id = vfs_file_id_from_sbuf(conn, &smb_dname->st);
2602 fsp->vuid = req ? req->vuid : UID_FIELD_INVALID;
2603 fsp->file_pid = req ? req->smbpid : 0;
2604 fsp->can_lock = False;
2605 fsp->can_read = False;
2606 fsp->can_write = False;
2607
2608 fsp->share_access = share_access;
2609 fsp->fh->private_options = 0;
2610 /*
2611 * According to Samba4, SEC_FILE_READ_ATTRIBUTE is always granted,
2612 */
2613 fsp->access_mask = access_mask | FILE_READ_ATTRIBUTES;
2614 fsp->print_file = False;
2615 fsp->modified = False;
2616 fsp->oplock_type = NO_OPLOCK;
2617 fsp->sent_oplock_break = NO_BREAK_SENT;
2618 fsp->is_directory = True;
2619 fsp->posix_open = (file_attributes & FILE_FLAG_POSIX_SEMANTICS) ? True : False;
2620 status = fsp_set_smb_fname(fsp, smb_dname);
2621 if (!NT_STATUS_IS_OK(status)) {
2622 return status;
2623 }
2624
2625 mtimespec = smb_dname->st.st_ex_mtime;
2626
2627 lck = get_share_mode_lock(talloc_tos(), fsp->file_id,
2628 conn->connectpath, smb_dname, &mtimespec);
2629
2630 if (lck == NULL) {
2631 DEBUG(0, ("open_directory: Could not get share mode lock for "
2632 "%s\n", smb_fname_str_dbg(smb_dname)));
2633 file_free(req, fsp);
2634 return NT_STATUS_SHARING_VIOLATION;
2635 }
2636
2637 status = open_mode_check(conn, lck, access_mask, share_access,
2638 create_options, &dir_existed);
2639
2640 if (!NT_STATUS_IS_OK(status)) {
2641 TALLOC_FREE(lck);
2642 file_free(req, fsp);
2643 return status;
2644 }
2645
2646 set_share_mode(lck, fsp, get_current_uid(conn), 0, NO_OPLOCK);
2647
2648 /* For directories the delete on close bit at open time seems
2649 always to be honored on close... See test 19 in Samba4 BASE-DELETE. */
2650 if (create_options & FILE_DELETE_ON_CLOSE) {
2651 status = can_set_delete_on_close(fsp, 0);
2652 if (!NT_STATUS_IS_OK(status) && !NT_STATUS_EQUAL(status, NT_STATUS_DIRECTORY_NOT_EMPTY)) {
2653 TALLOC_FREE(lck);
2654 file_free(req, fsp);
2655 return status;
2656 }
2657
2658 if (NT_STATUS_IS_OK(status)) {
2659 /* Note that here we set the *inital* delete on close flag,
2660 not the regular one. The magic gets handled in close. */
2661 fsp->initial_delete_on_close = True;
2662 }
2663 }
2664
2665 TALLOC_FREE(lck);
2666
2667 if (pinfo) {
2668 *pinfo = info;
2669 }
2670
2671 *result = fsp;
2672 return NT_STATUS_OK;
2673 }
2674
2675 NTSTATUS create_directory(connection_struct *conn, struct smb_request *req,
2676 struct smb_filename *smb_dname)
2677 {
2678 NTSTATUS status;
2679 files_struct *fsp;
2680
2681 status = SMB_VFS_CREATE_FILE(
2682 conn, /* conn */
2683 req, /* req */
2684 0, /* root_dir_fid */
2685 smb_dname, /* fname */
2686 FILE_READ_ATTRIBUTES, /* access_mask */
2687 FILE_SHARE_NONE, /* share_access */
2688 FILE_CREATE, /* create_disposition*/
2689 FILE_DIRECTORY_FILE, /* create_options */
2690 FILE_ATTRIBUTE_DIRECTORY, /* file_attributes */
2691 0, /* oplock_request */
2692 0, /* allocation_size */
2693 0, /* private_flags */
2694 NULL, /* sd */
2695 NULL, /* ea_list */
2696 &fsp, /* result */
2697 NULL); /* pinfo */
2698
2699 if (NT_STATUS_IS_OK(status)) {
2700 close_file(req, fsp, NORMAL_CLOSE);
2701 }
2702
2703 return status;
2704 }
2705
2706 /****************************************************************************
2707 Receive notification that one of our open files has been renamed by another
2708 smbd process.
2709 ****************************************************************************/
2710
2711 void msg_file_was_renamed(struct messaging_context *msg,
2712 void *private_data,
2713 uint32_t msg_type,
2714 struct server_id server_id,
2715 DATA_BLOB *data)
2716 {
2717 files_struct *fsp;
2718 char *frm = (char *)data->data;
2719 struct file_id id;
2720 const char *sharepath;
2721 const char *base_name;
2722 const char *stream_name;
2723 struct smb_filename *smb_fname = NULL;
2724 size_t sp_len, bn_len;
2725 NTSTATUS status;
2726
2727 if (data->data == NULL
2728 || data->length < MSG_FILE_RENAMED_MIN_SIZE + 2) {
2729 DEBUG(0, ("msg_file_was_renamed: Got invalid msg len %d\n",
2730 (int)data->length));
2731 return;
2732 }
2733
2734 /* Unpack the message. */
2735 pull_file_id_24(frm, &id);
2736 sharepath = &frm[24];
2737 sp_len = strlen(sharepath);
2738 base_name = sharepath + sp_len + 1;
2739 bn_len = strlen(base_name);
2740 stream_name = sharepath + sp_len + 1 + bn_len + 1;
2741
2742 /* stream_name must always be NULL if there is no stream. */
2743 if (stream_name[0] == '\0') {
2744 stream_name = NULL;
2745 }
2746
2747 status = create_synthetic_smb_fname(talloc_tos(), base_name,
2748 stream_name, NULL, &smb_fname);
2749 if (!NT_STATUS_IS_OK(status)) {
2750 return;
2751 }
2752
2753 DEBUG(10,("msg_file_was_renamed: Got rename message for sharepath %s, new name %s, "
2754 "file_id %s\n",
2755 sharepath, smb_fname_str_dbg(smb_fname),
2756 file_id_string_tos(&id)));
2757
2758 for(fsp = file_find_di_first(id); fsp; fsp = file_find_di_next(fsp)) {
2759 if (memcmp(fsp->conn->connectpath, sharepath, sp_len) == 0) {
2760
2761 DEBUG(10,("msg_file_was_renamed: renaming file fnum %d from %s -> %s\n",
2762 fsp->fnum, fsp_str_dbg(fsp),
2763 smb_fname_str_dbg(smb_fname)));
2764 status = fsp_set_smb_fname(fsp, smb_fname);
2765 if (!NT_STATUS_IS_OK(status)) {
2766 goto out;
2767 }
2768 } else {
2769 /* TODO. JRA. */
2770 /* Now we have the complete path we can work out if this is
2771 actually within this share and adjust newname accordingly. */
2772 DEBUG(10,("msg_file_was_renamed: share mismatch (sharepath %s "
2773 "not sharepath %s) "
2774 "fnum %d from %s -> %s\n",
2775 fsp->conn->connectpath,
2776 sharepath,
2777 fsp->fnum,
2778 fsp_str_dbg(fsp),
2779 smb_fname_str_dbg(smb_fname)));
2780 }
2781 }
2782 out:
2783 TALLOC_FREE(smb_fname);
2784 return;
2785 }
2786
2787 /*
2788 * If a main file is opened for delete, all streams need to be checked for
2789 * !FILE_SHARE_DELETE. Do this by opening with DELETE_ACCESS.
2790 * If that works, delete them all by setting the delete on close and close.
2791 */
2792
2793 NTSTATUS open_streams_for_delete(connection_struct *conn,
2794 const char *fname)
2795 {
2796 struct stream_struct *stream_info;
2797 files_struct **streams;
2798 int i;
2799 unsigned int num_streams;
2800 TALLOC_CTX *frame = talloc_stackframe();
2801 NTSTATUS status;
2802
2803 status = SMB_VFS_STREAMINFO(conn, NULL, fname, talloc_tos(),
2804 &num_streams, &stream_info);
2805
2806 if (NT_STATUS_EQUAL(status, NT_STATUS_NOT_IMPLEMENTED)
2807 || NT_STATUS_EQUAL(status, NT_STATUS_OBJECT_NAME_NOT_FOUND)) {
2808 DEBUG(10, ("no streams around\n"));
2809 TALLOC_FREE(frame);
2810 return NT_STATUS_OK;
2811 }
2812
2813 if (!NT_STATUS_IS_OK(status)) {
2814 DEBUG(10, ("SMB_VFS_STREAMINFO failed: %s\n",
2815 nt_errstr(status)));
2816 goto fail;
2817 }
2818
2819 DEBUG(10, ("open_streams_for_delete found %d streams\n",
2820 num_streams));
2821
2822 if (num_streams == 0) {
2823 TALLOC_FREE(frame);
2824 return NT_STATUS_OK;
2825 }
2826
2827 streams = TALLOC_ARRAY(talloc_tos(), files_struct *, num_streams);
2828 if (streams == NULL) {
2829 DEBUG(0, ("talloc failed\n"));
2830 status = NT_STATUS_NO_MEMORY;
2831 goto fail;
2832 }
2833
2834 for (i=0; i<num_streams; i++) {
2835 struct smb_filename *smb_fname = NULL;
2836
2837 if (strequal(stream_info[i].name, "::$DATA")) {
2838 streams[i] = NULL;
2839 continue;
2840 }
2841
2842 status = create_synthetic_smb_fname(talloc_tos(), fname,
2843 stream_info[i].name,
2844 NULL, &smb_fname);
2845 if (!NT_STATUS_IS_OK(status)) {
2846 goto fail;
2847 }
2848
2849 if (SMB_VFS_STAT(conn, smb_fname) == -1) {
2850 DEBUG(10, ("Unable to stat stream: %s\n",
2851 smb_fname_str_dbg(smb_fname)));
2852 }
2853
2854 status = SMB_VFS_CREATE_FILE(
2855 conn, /* conn */
2856 NULL, /* req */
2857 0, /* root_dir_fid */
2858 smb_fname, /* fname */
2859 DELETE_ACCESS, /* access_mask */
2860 (FILE_SHARE_READ | /* share_access */
2861 FILE_SHARE_WRITE | FILE_SHARE_DELETE),
2862 FILE_OPEN, /* create_disposition*/
2863 0, /* create_options */
2864 FILE_ATTRIBUTE_NORMAL, /* file_attributes */
2865 0, /* oplock_request */
2866 0, /* allocation_size */
2867 NTCREATEX_OPTIONS_PRIVATE_STREAM_DELETE, /* private_flags */
2868 NULL, /* sd */
2869 NULL, /* ea_list */
2870 &streams[i], /* result */
2871 NULL); /* pinfo */
2872
2873 if (!NT_STATUS_IS_OK(status)) {
2874 DEBUG(10, ("Could not open stream %s: %s\n",
2875 smb_fname_str_dbg(smb_fname),
2876 nt_errstr(status)));
2877
2878 TALLOC_FREE(smb_fname);
2879 break;
2880 }
2881 TALLOC_FREE(smb_fname);
2882 }
2883
2884 /*
2885 * don't touch the variable "status" beyond this point :-)
2886 */
2887
2888 for (i -= 1 ; i >= 0; i--) {
2889 if (streams[i] == NULL) {
2890 continue;
2891 }
2892
2893 DEBUG(10, ("Closing stream # %d, %s\n", i,
2894 fsp_str_dbg(streams[i])));
2895 close_file(NULL, streams[i], NORMAL_CLOSE);
2896 }
2897
2898 fail:
2899 TALLOC_FREE(frame);
2900 return status;
2901 }
2902
2903 /*
2904 * Wrapper around open_file_ntcreate and open_directory
2905 */
2906
2907 static NTSTATUS create_file_unixpath(connection_struct *conn,
2908 struct smb_request *req,
2909 struct smb_filename *smb_fname,
2910 uint32_t access_mask,
2911 uint32_t share_access,
2912 uint32_t create_disposition,
2913 uint32_t create_options,
2914 uint32_t file_attributes,
2915 uint32_t oplock_request,
2916 uint64_t allocation_size,
2917 uint32_t private_flags,
2918 struct security_descriptor *sd,
2919 struct ea_list *ea_list,
2920
2921 files_struct **result,
2922 int *pinfo)
2923 {
2924 int info = FILE_WAS_OPENED;
2925 files_struct *base_fsp = NULL;
2926 files_struct *fsp = NULL;
2927 NTSTATUS status;
2928
2929 DEBUG(10,("create_file_unixpath: access_mask = 0x%x "
2930 "file_attributes = 0x%x, share_access = 0x%x, "
2931 "create_disposition = 0x%x create_options = 0x%x "
2932 "oplock_request = 0x%x private_flags = 0x%x "
2933 "ea_list = 0x%p, sd = 0x%p, "
2934 "fname = %s\n",
2935 (unsigned int)access_mask,
2936 (unsigned int)file_attributes,
2937 (unsigned int)share_access,
2938 (unsigned int)create_disposition,
2939 (unsigned int)create_options,
2940 (unsigned int)oplock_request,
2941 (unsigned int)private_flags,
2942 ea_list, sd, smb_fname_str_dbg(smb_fname)));
2943
2944 if (create_options & FILE_OPEN_BY_FILE_ID) {
2945 status = NT_STATUS_NOT_SUPPORTED;
2946 goto fail;
2947 }
2948
2949 if (create_options & NTCREATEX_OPTIONS_INVALID_PARAM_MASK) {
2950 status = NT_STATUS_INVALID_PARAMETER;
2951 goto fail;
2952 }
2953
2954 if (req == NULL) {
2955 oplock_request |= INTERNAL_OPEN_ONLY;
2956 }
2957
2958 if ((conn->fs_capabilities & FILE_NAMED_STREAMS)
2959 && (access_mask & DELETE_ACCESS)
2960 && !is_ntfs_stream_smb_fname(smb_fname)) {
2961 /*
2962 * We can't open a file with DELETE access if any of the
2963 * streams is open without FILE_SHARE_DELETE
2964 */
2965 status = open_streams_for_delete(conn, smb_fname->base_name);
2966
2967 if (!NT_STATUS_IS_OK(status)) {
2968 goto fail;
2969 }
2970 }
2971
2972 /* This is the correct thing to do (check every time) but can_delete
2973 * is expensive (it may have to read the parent directory
2974 * permissions). So for now we're not doing it unless we have a strong
2975 * hint the client is really going to delete this file. If the client
2976 * is forcing FILE_CREATE let the filesystem take care of the
2977 * permissions. */
2978
2979 /* Setting FILE_SHARE_DELETE is the hint. */
2980
2981 if (lp_acl_check_permissions(SNUM(conn))
2982 && (create_disposition != FILE_CREATE)
2983 && (share_access & FILE_SHARE_DELETE)
2984 && (access_mask & DELETE_ACCESS)
2985 && (!(can_delete_file_in_directory(conn, smb_fname) ||
2986 can_access_file_acl(conn, smb_fname, DELETE_ACCESS)))) {
2987 status = NT_STATUS_ACCESS_DENIED;
2988 DEBUG(10,("create_file_unixpath: open file %s "
2989 "for delete ACCESS_DENIED\n",
2990 smb_fname_str_dbg(smb_fname)));
2991 goto fail;
2992 }
2993
2994 #if 0
2995 /* We need to support SeSecurityPrivilege for this. */
2996 if ((access_mask & SEC_FLAG_SYSTEM_SECURITY) &&
2997 !user_has_privileges(current_user.nt_user_token,
2998 &se_security)) {
2999 status = NT_STATUS_PRIVILEGE_NOT_HELD;
3000 goto fail;
3001 }
3002 #else
3003 /* We need to support SeSecurityPrivilege for this. */
3004 if (access_mask & SEC_FLAG_SYSTEM_SECURITY) {
3005 status = NT_STATUS_PRIVILEGE_NOT_HELD;
3006 goto fail;
3007 }
3008 /* Don't allow a SACL set from an NTtrans create until we
3009 * support SeSecurityPrivilege. */
3010 if (!VALID_STAT(smb_fname->st) &&
3011 lp_nt_acl_support(SNUM(conn)) &&
3012 sd && (sd->sacl != NULL)) {
3013 status = NT_STATUS_PRIVILEGE_NOT_HELD;
3014 goto fail;
3015 }
3016 #endif
3017
3018 if ((conn->fs_capabilities & FILE_NAMED_STREAMS)
3019 && is_ntfs_stream_smb_fname(smb_fname)
3020 && (!(private_flags & NTCREATEX_OPTIONS_PRIVATE_STREAM_DELETE))) {
3021 uint32 base_create_disposition;
3022 struct smb_filename *smb_fname_base = NULL;
3023
3024 if (create_options & FILE_DIRECTORY_FILE) {
3025 status = NT_STATUS_NOT_A_DIRECTORY;
3026 goto fail;
3027 }
3028
3029 switch (create_disposition) {
3030 case FILE_OPEN:
3031 base_create_disposition = FILE_OPEN;
3032 break;
3033 default:
3034 base_create_disposition = FILE_OPEN_IF;
3035 break;
3036 }
3037
3038 /* Create an smb_filename with stream_name == NULL. */
3039 status = create_synthetic_smb_fname(talloc_tos(),
3040 smb_fname->base_name,
3041 NULL, NULL,
3042 &smb_fname_base);
3043 if (!NT_STATUS_IS_OK(status)) {
3044 goto fail;
3045 }
3046
3047 if (SMB_VFS_STAT(conn, smb_fname_base) == -1) {
3048 DEBUG(10, ("Unable to stat stream: %s\n",
3049 smb_fname_str_dbg(smb_fname_base)));
3050 }
3051
3052 /* Open the base file. */
3053 status = create_file_unixpath(conn, NULL, smb_fname_base, 0,
3054 FILE_SHARE_READ
3055 | FILE_SHARE_WRITE
3056 | FILE_SHARE_DELETE,
3057 base_create_disposition,
3058 0, 0, 0, 0, 0, NULL, NULL,
3059 &base_fsp, NULL);
3060 TALLOC_FREE(smb_fname_base);
3061
3062 if (!NT_STATUS_IS_OK(status)) {
3063 DEBUG(10, ("create_file_unixpath for base %s failed: "
3064 "%s\n", smb_fname->base_name,
3065 nt_errstr(status)));
3066 goto fail;
3067 }
3068 /* we don't need to low level fd */
3069 fd_close(base_fsp);
3070 }
3071
3072 /*
3073 * If it's a request for a directory open, deal with it separately.
3074 */
3075
3076 if (create_options & FILE_DIRECTORY_FILE) {
3077
3078 if (create_options & FILE_NON_DIRECTORY_FILE) {
3079 status = NT_STATUS_INVALID_PARAMETER;
3080 goto fail;
3081 }
3082
3083 /* Can't open a temp directory. IFS kit test. */
3084 if (!(file_attributes & FILE_FLAG_POSIX_SEMANTICS) &&
3085 (file_attributes & FILE_ATTRIBUTE_TEMPORARY)) {
3086 status = NT_STATUS_INVALID_PARAMETER;
3087 goto fail;
3088 }
3089
3090 /*
3091 * We will get a create directory here if the Win32
3092 * app specified a security descriptor in the
3093 * CreateDirectory() call.
3094 */
3095
3096 oplock_request = 0;
3097 status = open_directory(
3098 conn, req, smb_fname, access_mask, share_access,
3099 create_disposition, create_options, file_attributes,
3100 &info, &fsp);
3101 } else {
3102
3103 /*
3104 * Ordinary file case.
3105 */
3106
3107 status = file_new(req, conn, &fsp);
3108 if(!NT_STATUS_IS_OK(status)) {
3109 goto fail;
3110 }
3111
3112 status = fsp_set_smb_fname(fsp, smb_fname);
3113 if (!NT_STATUS_IS_OK(status)) {
3114 goto fail;
3115 }
3116
3117 /*
3118 * We're opening the stream element of a base_fsp
3119 * we already opened. Set up the base_fsp pointer.
3120 */
3121 if (base_fsp) {
3122 fsp->base_fsp = base_fsp;
3123 }
3124
3125 status = open_file_ntcreate(conn,
3126 req,
3127 access_mask,
3128 share_access,
3129 create_disposition,
3130 create_options,
3131 file_attributes,
3132 oplock_request,
3133 private_flags,
3134 &info,
3135 fsp);
3136
3137 if(!NT_STATUS_IS_OK(status)) {
3138 file_free(req, fsp);
3139 fsp = NULL;
3140 }
3141
3142 if (NT_STATUS_EQUAL(status, NT_STATUS_FILE_IS_A_DIRECTORY)) {
3143
3144 /* A stream open never opens a directory */
3145
3146 if (base_fsp) {
3147 status = NT_STATUS_FILE_IS_A_DIRECTORY;
3148 goto fail;
3149 }
3150
3151 /*
3152 * Fail the open if it was explicitly a non-directory
3153 * file.
3154 */
3155
3156 if (create_options & FILE_NON_DIRECTORY_FILE) {
3157 status = NT_STATUS_FILE_IS_A_DIRECTORY;
3158 goto fail;
3159 }
3160
3161 oplock_request = 0;
3162 status = open_directory(
3163 conn, req, smb_fname, access_mask,
3164 share_access, create_disposition,
3165 create_options, file_attributes,
3166 &info, &fsp);
3167 }
3168 }
3169
3170 if (!NT_STATUS_IS_OK(status)) {
3171 goto fail;
3172 }
3173
3174 fsp->base_fsp = base_fsp;
3175
3176 /*
3177 * According to the MS documentation, the only time the security
3178 * descriptor is applied to the opened file is iff we *created* the
3179 * file; an existing file stays the same.
3180 *
3181 * Also, it seems (from observation) that you can open the file with
3182 * any access mask but you can still write the sd. We need to override
3183 * the granted access before we call set_sd
3184 * Patch for bug #2242 from Tom Lackemann <cessnatomny@yahoo.com>.
3185 */
3186
3187 if ((sd != NULL) && (info == FILE_WAS_CREATED)
3188 && lp_nt_acl_support(SNUM(conn))) {
3189
3190 uint32_t sec_info_sent;
3191 uint32_t saved_access_mask = fsp->access_mask;
3192
3193 sec_info_sent = get_sec_info(sd);
3194
3195 fsp->access_mask = FILE_GENERIC_ALL;
3196
3197 /* Convert all the generic bits. */
3198 security_acl_map_generic(sd->dacl, &file_generic_mapping);
3199 security_acl_map_generic(sd->sacl, &file_generic_mapping);
3200
3201 if (sec_info_sent & (OWNER_SECURITY_INFORMATION|
3202 GROUP_SECURITY_INFORMATION|
3203 DACL_SECURITY_INFORMATION|
3204 SACL_SECURITY_INFORMATION)) {
3205 status = SMB_VFS_FSET_NT_ACL(fsp, sec_info_sent, sd);
3206 }
3207
3208 fsp->access_mask = saved_access_mask;
3209
3210 if (!NT_STATUS_IS_OK(status)) {
3211 goto fail;
3212 }
3213 }
3214
3215 if ((ea_list != NULL) &&
3216 ((info == FILE_WAS_CREATED) || (info == FILE_WAS_OVERWRITTEN))) {
3217 status = set_ea(conn, fsp, fsp->fsp_name, ea_list);
3218 if (!NT_STATUS_IS_OK(status)) {
3219 goto fail;
3220 }
3221 }
3222
3223 if (!fsp->is_directory && S_ISDIR(fsp->fsp_name->st.st_ex_mode)) {
3224 status = NT_STATUS_ACCESS_DENIED;
3225 goto fail;
3226 }
3227
3228 /* Save the requested allocation size. */
3229 if ((info == FILE_WAS_CREATED) || (info == FILE_WAS_OVERWRITTEN)) {
3230 if (allocation_size
3231 && (allocation_size > fsp->fsp_name->st.st_ex_size)) {
3232 fsp->initial_allocation_size = smb_roundup(
3233 fsp->conn, allocation_size);
3234 if (fsp->is_directory) {
3235 /* Can't set allocation size on a directory. */
3236 status = NT_STATUS_ACCESS_DENIED;
3237 goto fail;
3238 }
3239 if (vfs_allocate_file_space(
3240 fsp, fsp->initial_allocation_size) == -1) {
3241 status = NT_STATUS_DISK_FULL;
3242 goto fail;
3243 }
3244 } else {
3245 fsp->initial_allocation_size = smb_roundup(
3246 fsp->conn, (uint64_t)fsp->fsp_name->st.st_ex_size);
3247 }
3248 }
3249
3250 DEBUG(10, ("create_file_unixpath: info=%d\n", info));
3251
3252 *result = fsp;
3253 if (pinfo != NULL) {
3254 *pinfo = info;
3255 }
3256
3257 smb_fname->st = fsp->fsp_name->st;
3258
3259 return NT_STATUS_OK;
3260
3261 fail:
3262 DEBUG(10, ("create_file_unixpath: %s\n", nt_errstr(status)));
3263
3264 if (fsp != NULL) {
3265 if (base_fsp && fsp->base_fsp == base_fsp) {
3266 /*
3267 * The close_file below will close
3268 * fsp->base_fsp.
3269 */
3270 base_fsp = NULL;
3271 }
3272 close_file(req, fsp, ERROR_CLOSE);
3273 fsp = NULL;
3274 }
3275 if (base_fsp != NULL) {
3276 close_file(req, base_fsp, ERROR_CLOSE);
3277 base_fsp = NULL;
3278 }
3279 return status;
3280 }
3281
3282 /*
3283 * Calculate the full path name given a relative fid.
3284 */
3285 NTSTATUS get_relative_fid_filename(connection_struct *conn,
3286 struct smb_request *req,
3287 uint16_t root_dir_fid,
3288 struct smb_filename *smb_fname)
3289 {
3290 files_struct *dir_fsp;
3291 char *parent_fname = NULL;
3292 char *new_base_name = NULL;
3293 NTSTATUS status;
3294
3295 if (root_dir_fid == 0 || !smb_fname) {
3296 status = NT_STATUS_INTERNAL_ERROR;
3297 goto out;
3298 }
3299
3300 dir_fsp = file_fsp(req, root_dir_fid);
3301
3302 if (dir_fsp == NULL) {
3303 status = NT_STATUS_INVALID_HANDLE;
3304 goto out;
3305 }
3306
3307 if (is_ntfs_stream_smb_fname(dir_fsp->fsp_name)) {
3308 status = NT_STATUS_INVALID_HANDLE;
3309 goto out;
3310 }
3311
3312 if (!dir_fsp->is_directory) {
3313
3314 /*
3315 * Check to see if this is a mac fork of some kind.
3316 */
3317
3318 if ((conn->fs_capabilities & FILE_NAMED_STREAMS) &&
3319 is_ntfs_stream_smb_fname(smb_fname)) {
3320 status = NT_STATUS_OBJECT_PATH_NOT_FOUND;
3321 goto out;
3322 }
3323
3324 /*
3325 we need to handle the case when we get a
3326 relative open relative to a file and the
3327 pathname is blank - this is a reopen!
3328 (hint from demyn plantenberg)
3329 */
3330
3331 status = NT_STATUS_INVALID_HANDLE;
3332 goto out;
3333 }
3334
3335 if (ISDOT(dir_fsp->fsp_name->base_name)) {
3336 /*
3337 * We're at the toplevel dir, the final file name
3338 * must not contain ./, as this is filtered out
3339 * normally by srvstr_get_path and unix_convert
3340 * explicitly rejects paths containing ./.
3341 */
3342 parent_fname = talloc_strdup(talloc_tos(), "");
3343 if (parent_fname == NULL) {
3344 status = NT_STATUS_NO_MEMORY;
3345 goto out;
3346 }
3347 } else {
3348 size_t dir_name_len = strlen(dir_fsp->fsp_name->base_name);
3349
3350 /*
3351 * Copy in the base directory name.
3352 */
3353
3354 parent_fname = TALLOC_ARRAY(talloc_tos(), char,
3355 dir_name_len+2);
3356 if (parent_fname == NULL) {
3357 status = NT_STATUS_NO_MEMORY;
3358 goto out;
3359 }
3360 memcpy(parent_fname, dir_fsp->fsp_name->base_name,
3361 dir_name_len+1);
3362
3363 /*
3364 * Ensure it ends in a '/'.
3365 * We used TALLOC_SIZE +2 to add space for the '/'.
3366 */
3367
3368 if(dir_name_len
3369 && (parent_fname[dir_name_len-1] != '\\')
3370 && (parent_fname[dir_name_len-1] != '/')) {
3371 parent_fname[dir_name_len] = '/';
3372 parent_fname[dir_name_len+1] = '\0';
3373 }
3374 }
3375
3376 new_base_name = talloc_asprintf(smb_fname, "%s%s", parent_fname,
3377 smb_fname->base_name);
3378 if (new_base_name == NULL) {
3379 status = NT_STATUS_NO_MEMORY;
3380 goto out;
3381 }
3382
3383 TALLOC_FREE(smb_fname->base_name);
3384 smb_fname->base_name = new_base_name;
3385 status = NT_STATUS_OK;
3386
3387 out:
3388 TALLOC_FREE(parent_fname);
3389 return status;
3390 }
3391
3392 NTSTATUS create_file_default(connection_struct *conn,
3393 struct smb_request *req,
3394 uint16_t root_dir_fid,
3395 struct smb_filename *smb_fname,
3396 uint32_t access_mask,
3397 uint32_t share_access,
3398 uint32_t create_disposition,
3399 uint32_t create_options,
3400 uint32_t file_attributes,
3401 uint32_t oplock_request,
3402 uint64_t allocation_size,
3403 uint32_t private_flags,
3404 struct security_descriptor *sd,
3405 struct ea_list *ea_list,
3406 files_struct **result,
3407 int *pinfo)
3408 {
3409 int info = FILE_WAS_OPENED;
3410 files_struct *fsp = NULL;
3411 NTSTATUS status;
3412
3413 DEBUG(10,("create_file: access_mask = 0x%x "
3414 "file_attributes = 0x%x, share_access = 0x%x, "
3415 "create_disposition = 0x%x create_options = 0x%x "
3416 "oplock_request = 0x%x "
3417 "private_flags = 0x%x "
3418 "root_dir_fid = 0x%x, ea_list = 0x%p, sd = 0x%p, "
3419 "fname = %s\n",
3420 (unsigned int)access_mask,
3421 (unsigned int)file_attributes,
3422 (unsigned int)share_access,
3423 (unsigned int)create_disposition,
3424 (unsigned int)create_options,
3425 (unsigned int)oplock_request,
3426 (unsigned int)private_flags,
3427 (unsigned int)root_dir_fid,
3428 ea_list, sd, smb_fname_str_dbg(smb_fname)));
3429
3430 /*
3431 * Calculate the filename from the root_dir_if if necessary.
3432 */
3433
3434 if (root_dir_fid != 0) {
3435 status = get_relative_fid_filename(conn, req, root_dir_fid,
3436 smb_fname);
3437 if (!NT_STATUS_IS_OK(status)) {
3438 goto fail;
3439 }
3440 }
3441
3442 /*
3443 * Check to see if this is a mac fork of some kind.
3444 */
3445
3446 if (is_ntfs_stream_smb_fname(smb_fname)) {
3447 enum FAKE_FILE_TYPE fake_file_type;
3448
3449 fake_file_type = is_fake_file(smb_fname);
3450
3451 if (fake_file_type != FAKE_FILE_TYPE_NONE) {
3452
3453 /*
3454 * Here we go! support for changing the disk quotas
3455 * --metze
3456 *
3457 * We need to fake up to open this MAGIC QUOTA file
3458 * and return a valid FID.
3459 *
3460 * w2k close this file directly after openening xp
3461 * also tries a QUERY_FILE_INFO on the file and then
3462 * close it
3463 */
3464 status = open_fake_file(req, conn, req->vuid,
3465 fake_file_type, smb_fname,
3466 access_mask, &fsp);
3467 if (!NT_STATUS_IS_OK(status)) {
3468 goto fail;
3469 }
3470
3471 ZERO_STRUCT(smb_fname->st);
3472 goto done;
3473 }
3474
3475 if (!(conn->fs_capabilities & FILE_NAMED_STREAMS)) {
3476 status = NT_STATUS_OBJECT_NAME_NOT_FOUND;
3477 goto fail;
3478 }
3479 }
3480
3481 /* All file access must go through check_name() */
3482
3483 status = check_name(conn, smb_fname->base_name);
3484 if (!NT_STATUS_IS_OK(status)) {
3485 goto fail;
3486 }
3487
3488 status = create_file_unixpath(
3489 conn, req, smb_fname, access_mask, share_access,
3490 create_disposition, create_options, file_attributes,
3491 oplock_request, allocation_size, private_flags,
3492 sd, ea_list,
3493 &fsp, &info);
3494
3495 if (!NT_STATUS_IS_OK(status)) {
3496 goto fail;
3497 }
3498
3499 done:
3500 DEBUG(10, ("create_file: info=%d\n", info));
3501
3502 *result = fsp;
3503 if (pinfo != NULL) {
3504 *pinfo = info;
3505 }
3506 return NT_STATUS_OK;
3507
3508 fail:
3509 DEBUG(10, ("create_file: %s\n", nt_errstr(status)));
3510
3511 if (fsp != NULL) {
3512 close_file(req, fsp, ERROR_CLOSE);
3513 fsp = NULL;
3514 }
3515 return status;
3516 }